5
CVSSv2

CVE-1999-1050

Published: 12/11/1999 Updated: 19/12/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote malicious users to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.

Vulnerable Product Search on Vulmon Subscribe to Product

matt wright formhandler.cgi 3.0

matt wright formhandler.cgi 2.0

matt wright formhandler.cgi 1.0

Exploits

source: wwwsecurityfocuscom/bid/799/info Any file that the FormHandlercgi has read access to (the cgi is typically run as user 'nobody' on Unix systems) can be specified as an attachment in a reply email This could allow an attacker to gain access to sensitive files such as /etc/passwd simply by modifying the form document @ALLOWED_A ...