Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote malicious users to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mercur mercur messaging 2005_sp2 |