Open Webmail : Security Vulnerabilities, CVEs, (Code Execution)
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-12-26
Updated
2017-10-10
1 vulnerabilities found