ID CVE-2002-0410
Summary send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
References
Vulnerable Configurations
  • cpe:2.3:a:aeromail:aeromail:1.02:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.40:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-09-2008 - 20:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 4214
bugtraq 20020303 AeroMail multiple vulnerabilities
confirm http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
misc http://the.cushman.net/projects/aeromail/download/
xf aeromail-obtain-files(8345)
Last major update 05-09-2008 - 20:27
Published 26-07-2002 - 04:00
Last modified 05-09-2008 - 20:27