Attachmax Multiple Security Vulnerabilities

Attachmax Multiple Security Vulnerabilities

Attachmax is prone to multiple security vulnerabilities, including an information-disclosure issue, a remote file-include issue, and an SQL-injection issue.

An attacker may exploit these issues to obtain sensitive information that will aid in further attacks, to include arbitrary remote files containing malicious PHP code, or to manipulate the SQL query logic to carry out unauthorized actions on the underlying database.

These issues affect Attachmax 2.1 (Dolphin); other versions may also be affected.