Back to search
CVE-2000-0877
Published: Sep 18, 2001
Modified: Aug 8, 2024
PUBLISHED
Description
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1670
vdb-entry
x_refsource_BID
mailform-attach-file(5224)
vdb-entry
x_refsource_XF
20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now