CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1919

CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.8%

CVSS Severity

CVSS v2 Score 6.4

References

http://atmail.org/download/atmailopen.tgz
http://en.securitylab.ru/lab/PT-2011-48
http://secunia.com/advisories/47012
http://www.kb.cert.org/vuls/id/743555
http://atmail.org/download/atmailopen.tgz
http://en.securitylab.ru/lab/PT-2011-48
http://secunia.com/advisories/47012
http://www.kb.cert.org/vuls/id/743555

Products affected by CVE-2012-1919

Atmail » Atmail Open » Version: Any

cpe:2.3:a:atmail:atmail_open:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1919

Products

Pricing

Contact Us