| VID |
21363 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The IlohaMail Webmail software is vulnerable to a directory traversal flaw via the 'lang' variable. IlohaMail is a webmail package written in PHP. IlohaMail version 0.7.10 and earlier contain a flaw that allows a remote attacker to access files outside of the web root directory. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the int_lang variable. This issue affects versions prior to 0.7.5 but relate to the 'lang' variable, not 'int_lang'. To exploit this vulnerability, a remote attacker will send a "index.php" request containing "dot dot" sequences (/../) and a known file appended with a NULL byte character (%00).
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=7400
http://ilohamail.org/forum/view_thread.php?topic_id=5&id=1248
* Platforms Affected:
IlohaMail version 0.7.10 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of IlohaMail (0.7.11 or later), available from the IlohaMail Download site at http://sourceforge.net/projects/ilohamail/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
