Vulnerability Details CVE-2018-18703
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 90.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-18703
-
cpe:2.3:a:phptpoint:mailing_server_using_file_handling:1.0