Vulnerability Details CVE-2000-0977
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
- http://www.securityfocus.com/bid/1807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5358
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
- http://www.securityfocus.com/bid/1807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5358
Products affected by CVE-2000-0977
-
cpe:2.3:a:oatmeal_studios:mail_file:1.10