Vendor: Mail Machine
By: H4 / Team XPK
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 22
Product Name: Mail Machine
Affected Version From: v3.980
Affected Version To: v3.989
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Mail Machine Local File Include Exploit
This exploit targets Mail Machine versions v3.980, v3.985, v3.987, v3.988, and v3.989. The vulnerability is in the mailmachine.cgi script, where user-supplied input reaches the open() function without proper sanitization. By exploiting it, an attacker can disclose arbitrary files from the server.
Mitigation:
To mitigate this vulnerability, sanitize user input properly before using it in file operations.
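One way to apply this mitigation, as an added example that is not Mail Machine's own code: it assumes the script is a Perl CGI, and the helper names `safe_path` and `read_served_file`, the file names and the temporary directory are hypothetical. It combines a file-name allowlist, a resolved-path containment check and three-argument `open()`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Map a user-supplied name to a path inside $base; empty return on rejection.
sub safe_path {
    my ($base, $name) = @_;
    return unless defined $name;
    # Allowlist: one plain file name. No separators, NUL bytes, pipes,
    # whitespace or leading dot can match this pattern.
    return unless $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    my $clean = $1;
    my $root = abs_path($base);
    return unless defined $root;
    # abs_path resolves symlinks, so a link pointing outside $root is caught.
    my $full = abs_path(File::Spec->catfile($root, $clean));
    return unless defined $full && index($full, "$root/") == 0;
    return $full;
}

# Read a file by user-supplied name, or return nothing if it is not allowed.
sub read_served_file {
    my ($base, $name) = @_;
    my $path = safe_path($base, $name) or return;
    # Three-argument open: the mode is fixed, so characters in the name
    # can never select a pipe or a write mode as they can with open(FH, $name).
    open(my $fh, '<', $path) or return;
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close($fh);
    return $data;
}

# Constructed demo: a temporary base directory holding one servable file.
my $base = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($base, 'welcome.txt')) or die $!;
print {$out} "hello\n";
close($out);

# Constructed inputs: one legitimate name and four that must be rejected.
for my $name ('welcome.txt', '../../etc/passwd', '/etc/passwd',
              "welcome.txt\0.html", 'welcome.txt|') {
    (my $shown = $name) =~ s/\0/\\0/g;
    my $data = read_served_file($base, $name);
    printf "%-22s %s\n", $shown, defined $data ? 'served' : 'rejected';
}
```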