IMP 2.2 and previous versions allows malicious users to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
horde imp 2.0 |
||
horde imp 2.2 |