CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source prior to 1.05 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atmail atmail open |