VULHUB ™

It has been reported that it is possible for a remote attacker to obtain any file on the filesystem that is readable by the webserver process corresponding to their session. The "ar_file" variable specifies a file to be included in the outgoing e-mail message. It is possible for an attacker to specify any file by using its relative path. As the recipient of the e-mail message is specified by the client, any file on the filesystem accessible to the server process can be sent to any remote e-mail address.

It has been reported that it is possible for a remote attacker to obtain any file on the filesystem that is readable by the webserver process corresponding to their session. The "ar_file" variable specifies a file to be included in the outgoing e-mail message. It is possible for an attacker to specify any file by using its relative path. As the recipient of the e-mail message is specified by the client, any file on the filesystem accessible to the server process can be sent to any remote e-mail address.