W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:49
Updated: 2022-10-03T16:23:49
Reserved: 2022-10-03T00:00:00
Link: CVE-2002-2331
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-12-31T05:00:00.000
Modified: 2008-09-05T20:32:56.773
Link: CVE-2002-2331
JSON object: View
Redhat Information
No data.
CWE