
BasiliX Arbitrary File Disclosure Vulnerability CVE-2002-1710

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

The remote web server contains a PHP script that is prone to information disclosure. The remote host appears to be running BasiliX version 1.1.0 or lower. When sending a message, such versions accept a list of attachment names from the client yet do not verify that the attachments were in fact uploaded, which allows retrieval of arbitrary files that are accessible to the web server user. Further, since these versions do not sanitize input to the login.php3 script, it is possible for an attacker to establish a session on the target without otherwise having access there by authenticating against an IMAP server of his or her choosing.

Risk description
Not available
Recommendation

Upgrade to BasiliX version 1.1.1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 31, 2002
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available