Vulnerability Details CVE-2002-0410
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html
- http://the.cushman.net/projects/aeromail/download/
- http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
- http://www.iss.net/security_center/static/8345.php
- http://www.securityfocus.com/bid/4214
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html
- http://the.cushman.net/projects/aeromail/download/
- http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
- http://www.iss.net/security_center/static/8345.php
- http://www.securityfocus.com/bid/4214
Products affected by CVE-2002-0410
-
cpe:2.3:a:aeromail:aeromail:1.02
-
cpe:2.3:a:aeromail:aeromail:1.10
-
cpe:2.3:a:aeromail:aeromail:1.20
-
cpe:2.3:a:aeromail:aeromail:1.26
-
cpe:2.3:a:aeromail:aeromail:1.30
-
cpe:2.3:a:aeromail:aeromail:1.40