First published: Tue Dec 19 2000(Updated: )
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Horde IMP | =2.0 | |
Horde IMP | =2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.