| VID | 21136 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | Stalkerlab Mailers version 1.1.2 and later contain a vulnerability in the CGImail.exe program which could allow a malicious user to obtain access to local files on the web server. A remote user could save the web page locally and modify different variables (i.e. $To$, $Attach$, $File$), which would cause the program to send any file on the web server to the user. |
| Recommendation | No remedy available as of June 2014. Remove the '/scripts/CGImail.exe' file. |
| Related URL | CVE-2000-0726 (CVE) |
| Related URL | 1623 (SecurityFocus) |
| Related URL | 5165 (ISS) |