VULHUB ™

HyperMail is free, open-source mailing list software which will take e-mail and convert it to HTML. Attachments sent in e-mail are not modified in any way before being archived by HyperMail. This becomes an issue if SSI is enabled on the host running HyperMail, as it is possible to upload a file with an SSI extension, such as .shtml, which contains server-side includes that will be executed when the attachment is requested. However, the root of this issue is that a user may send an attachment with an arbitrary file extension, which will then be archived. Other content may be executed on the server as a result of this vulnerability.

HyperMail is free, open-source mailing list software which will take e-mail and convert it to HTML. Attachments sent in e-mail are not modified in any way before being archived by HyperMail. This becomes an issue if SSI is enabled on the host running HyperMail, as it is possible to upload a file with an SSI extension, such as .shtml, which contains server-side includes that will be executed when the attachment is requested. However, the root of this issue is that a user may send an attachment with an arbitrary file extension, which will then be archived. Other content may be executed on the server as a result of this vulnerability.