Matt Wright » Formhandler.cgi : Security Vulnerabilities, CVEs,
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
Max CVSS
5.0
EPSS Score
0.81%
Published
1999-11-16
Updated
2008-09-05
Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.
Max CVSS
5.0
EPSS Score
1.99%
Published
1999-11-12
Updated
2017-12-19
2 vulnerabilities found