Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sake_mail | Endymion | 1.0.20 (including) | 1.0.20 (including) |
| Sake_mail | Endymion | 1.0.21 (including) | 1.0.21 (including) |
| Sake_mail | Endymion | 1.0.22 (including) | 1.0.22 (including) |
| Sake_mail | Endymion | 1.0.23 (including) | 1.0.23 (including) |
| Sake_mail | Endymion | 1.0.24 (including) | 1.0.24 (including) |
| Sake_mail | Endymion | 1.0.26 (including) | 1.0.26 (including) |
| Sake_mail | Endymion | 1.0.27 (including) | 1.0.27 (including) |
| Sake_mail | Endymion | 1.0.28 (including) | 1.0.28 (including) |
| Sake_mail | Endymion | 1.0.29 (including) | 1.0.29 (including) |
| Sake_mail | Endymion | 1.0.30 (including) | 1.0.30 (including) |
| Sake_mail | Endymion | 1.0.31 (including) | 1.0.31 (including) |
| Sake_mail | Endymion | 1.0.33 (including) | 1.0.33 (including) |
| Sake_mail | Endymion | 1.0.34 (including) | 1.0.34 (including) |
| Sake_mail | Endymion | 1.0.35 (including) | 1.0.35 (including) |
| Sake_mail | Endymion | 1.0.36 (including) | 1.0.36 (including) |