Ranson Johnson: Security Vulnerabilities
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
CVSS Score
5.0
EPSS Score
0.01
Published
2000-11-14
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field.
CVSS Score
7.5
EPSS Score
0.012
Published
2000-11-14