Mercur: >> Mercur Messaging >> 2005_sp2 Security Vulnerabilities
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").
CVSS Score
5.0
EPSS Score
0.004
Published
2005-05-18
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
CVSS Score
7.5
EPSS Score
0.008
Published
2005-05-18