MailForm 2.0 XX-attach_file Vulnerability
MailForm 2.0 uses a number of hidden form fields to process messages. Because hidden form fields can often be edited in a local copy of the page, an attacker can submit values the page author never intended. In MailForm 2.0, the XX-attach_file field can be edited to cause the CGI to email the attacker a copy of any file that is readable by the CGI.
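
The flaw is that a client-supplied field is used as a file path. The following added example (written in Python for illustration, not MailForm's own code) contrasts that pattern with a handler that treats the field as an untrusted key into a server-side allowlist. The directory, allowlist entries and function names are assumptions made for this example.

```python
import os

# Assumption: files the site owner is willing to mail out, keyed by an opaque
# ID. The directory and file names are constructed for this example.
ATTACH_DIR = "/var/www/mailform/attachments"
ALLOWED_ATTACHMENTS = {
    "brochure": "brochure.pdf",
    "pricelist": "pricelist.txt",
}


def resolve_attachment_unsafe(form):
    """Pattern described in the advisory: the hidden field value is trusted
    as the path of the file to attach, so the client chooses the file."""
    return form.get("XX-attach_file")


def resolve_attachment(form):
    """Hardened form: the field is only a lookup key, never a path.

    Returns the absolute path of an allowlisted attachment, or None when the
    value is missing, unknown or tampered with (no attachment is sent).
    """
    key = form.get("XX-attach_file", "")
    name = ALLOWED_ATTACHMENTS.get(key)
    if name is None:
        return None

    root = os.path.realpath(ATTACH_DIR)
    path = os.path.realpath(os.path.join(ATTACH_DIR, name))

    # Defence in depth: even an allowlisted name must resolve inside
    # ATTACH_DIR (guards against a symlink or a bad allowlist entry).
    if os.path.commonpath([root, path]) != root:
        return None
    return path
```

Hidden fields are a convenience for carrying state, not a trust boundary: any value the CGI acts on has to be validated on the server as if the client had typed it.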