header-logo
Suggest Exploit
vendor:
W3Mail
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure
22
CWE
Product Name: W3Mail
Affected Version From: 1.0.6
Affected Version To: Greater
Patch Exists: YES
Related CWE: N/A
CPE: a:w3mail:w3mail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

W3Mail File Disclosure Vulnerability

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters.

Mitigation:

Input validation should be used to ensure that user-supplied data is not used to access files outside of the intended directory.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6170/info

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters. 

viewAttachment.cgi?file=../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR