mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Mailform |
Ranson_johnson |
2.0 |
2.0 |
References