CVE-1999-1051 - CVE Details

Description

Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

matt_wright - formhandler.cgi

Affected Versions:

matt_wright - formhandler.cgi

Affected Versions:

matt_wright - formhandler.cgi

Affected Versions:

References

http://www.securityfocus.com/archive/1/34939
ExploitVendor Advisory
http://www.securityfocus.com/archive/1/34939
ExploitVendor Advisory