VULHUB ™

The PHP-Nuke mailattach.php script does not properly filter input, potentially allowing files to be uploaded to the system outside the webroot. By including directory traversal characters with the filename to upload, an attacker could possibly overwrite other files on the system or save malicious files to sensitive locations.

The PHP-Nuke mailattach.php script does not properly filter input, potentially allowing files to be uploaded to the system outside the webroot. By including directory traversal characters with the filename to upload, an attacker could possibly overwrite other files on the system or save malicious files to sensitive locations.