CVE Vulnerabilities

CVE-2000-0911

Published: Dec 19, 2000 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

Affected Software

Name Vendor Start Version End Version
Imp Horde 2.0 2.0
Imp Horde 2.2 2.2

References