mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-14 20:08:44 +00:00
754 B
754 B
CVE-2012-1917
Description
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence.
POC
Reference
Github
No PoCs found on GitHub currently.