VULHUB ™

Vulnerable versions of IlohaMail do not sufficiently check the upload path for file attachments when a message is composed. As a result, a malicious user of the webmail system may be able to place a file on the host in any location which is writeable by the webserver process. It is also possible that local files may be overwritten by the malicious file attachment.

Vulnerable versions of IlohaMail do not sufficiently check the upload path for file attachments when a message is composed. As a result, a malicious user of the webmail system may be able to place a file on the host in any location which is writeable by the webserver process. It is also possible that local files may be overwritten by the malicious file attachment.