First published: Thu Dec 26 2002
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open Webmail Open Webmail | =1.7 | |
Open Webmail Open Webmail | =1.81 | |
Open Webmail Open Webmail | =1.71 | |
Open Webmail Open Webmail | =1.8 | |