Vulnerability Details CVE-1999-1051
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.5%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-1999-1051
-
cpe:2.3:a:matt_wright:formhandler.cgi:1.0
-
cpe:2.3:a:matt_wright:formhandler.cgi:2.0
-
cpe:2.3:a:matt_wright:formhandler.cgi:3.0