vendor: MailPost
by:
CVSS: 4 (MEDIUM)
Remote File Enumeration
CWE: 22
Product Name: MailPost
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
TIPS MailPost Remote File Enumeration Vulnerability
The TIPS MailPost application is affected by a remote file enumeration vulnerability. The vulnerability arises because the application fails to properly sanitize user requests. An attacker can exploit it to learn whether files exist outside the Web root directory. By accessing the URL 'http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com', an attacker can enumerate the contents of the 'winnt/system.ini' file, which can then be used to facilitate further attacks. The '..%255c' sequences in this URL are double URL-encoded: '%255c' decodes to '%5c' and then to a backslash, so a filter that decodes the path only once never sees the '..\' segments.
Mitigation:
To mitigate this vulnerability, it is recommended to properly sanitize user requests before processing them. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
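One way to apply the sanitization recommended above, as an added example that is not part of the original advisory or of MailPost: decode the request path until it stops changing, treat both path separators alike, and reject any '..' segment. The function names, the decode cap and all sample requests except the advisory's URL are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested encoding layers


def fully_decode(path):
    """Percent-decode until the text stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def classify(url):
    """Return 'traversal', 'multi-encoded' or 'ok' for a request URL."""
    decoded, rounds = fully_decode(urlsplit(url).path)
    # Windows accepts both separators, so treat '\' like '/'.
    segments = decoded.replace("\\", "/").split("/")
    if ".." in segments:
        return "traversal"
    if rounds > 1:
        return "multi-encoded"  # unusual for a path; worth reviewing
    return "ok"


# Constructed sample requests; the first is the URL quoted in the advisory.
SAMPLE_REQUESTS = [
    "http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/"
    "system.ini?*nosend*=&email=test@procheckup.com",
    "http://www.example.com/scripts/mailpost.exe?email=user@example.com",
    "http://www.example.com/docs/report..final.txt",
    "http://www.example.com/docs/100%2525.txt",
    "http://www.example.com/scripts/%2e%2e/%2e%2e/winnt/system.ini",
]


def flag_requests(urls):
    """Return (url, verdict) pairs for every request that is not 'ok'."""
    return [(u, v) for u in urls if (v := classify(u)) != "ok"]


if __name__ == "__main__":
    for url, verdict in flag_requests(SAMPLE_REQUESTS):
        print(f"{verdict:14} {url}")
```

The same check can run as a request filter in front of the CGI or over access logs after the fact; it complements, rather than replaces, file-system access controls on the server.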