- Home
- CVEs with nessus.description==The version of Majordomo 2 on the remote host fails to sanitize input to the 'extra' parameter of the 'mj_wwwusr' script before using it to return the contents of a file.
An attacker can leverage this issue using a directory traversal sequence to view arbitrary files on the affected host within the context of the web server. Information harvested may aid in launching further attacks.
Note that this issue is also reportedly exploitable through Majordomo's email interface, although Nessus has not checked for that.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top