MailForm 2.0 XX-attach_file Vulnerability

MailForm 2.0 uses a number of hidden form fields to process messages. Hidden form fields are submitted by the browser like any other field and can be edited in a local copy of the page, so an attacker can change their values to achieve malicious results.

The XX-attach_file field can be edited in MailForm 2.0 to cause the CGI to email the attacker a copy of any file that is readable by the CGI.
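The server-side check whose absence makes this possible, as an added example (not MailForm's code and not part of the original advisory): the handler treats the submitted field as an opaque key into a server-side list and confirms the resolved file stays under one attachment directory. The names `resolve_attachment`, `AttachmentRejected`, the keys and the sample files are hypothetical and constructed for illustration.

```python
import os
import tempfile

class AttachmentRejected(Exception):
    """Raised when a submitted attachment value must not be honoured."""

def resolve_attachment(field_value, attach_root, allowed):
    """Map the untrusted form field to a file under attach_root, or raise."""
    # allowed: server-side dict of short keys -> file names (hypothetical config).
    # Treat the field as an opaque key, never as a path.
    name = allowed.get(field_value)
    if name is None:
        raise AttachmentRejected("unknown attachment key")
    root = os.path.realpath(attach_root)
    path = os.path.realpath(os.path.join(root, name))
    # realpath collapses ".." and symlinks; the result must stay under root.
    if os.path.commonpath([root, path]) != root:
        raise AttachmentRejected("resolves outside attachment root")
    if not os.path.isfile(path):
        raise AttachmentRejected("attachment missing")
    return path

def demo():
    """Run constructed field values through the check and return the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "attachments")
        os.mkdir(root)
        for p in (os.path.join(root, "brochure.txt"), os.path.join(tmp, "private.txt")):
            with open(p, "w") as fh:
                fh.write("constructed sample\n")
        # "misconfigured" shows the containment check catching a bad list entry.
        allowed = {"brochure": "brochure.txt", "misconfigured": "../private.txt"}
        cases = {
            "listed key": "brochure",
            "absolute path": os.path.join(tmp, "private.txt"),
            "relative traversal": "../private.txt",
            "bad allowlist entry": "misconfigured",
        }
        outcomes = {}
        for label, value in cases.items():
            try:
                resolve_attachment(value, root, allowed)
                outcomes[label] = "accepted"
            except AttachmentRejected as exc:
                outcomes[label] = str(exc)
        return outcomes

if __name__ == "__main__":
    print(demo())
```

Rejections are worth logging with the submitted value, since a path-like string in this field indicates the form was edited before submission.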


