mailform.pl CGI script in MailForm 2.0 allows remote malicious users to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ranson johnson mailform 2.0 |