Vulnerabilities > CVE-2007-3702 - Local File Include vulnerability in Mike's World Mail Machine Mailmachine.CGI

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mail-machine

exploit available

NVD

Published: 2007-07-11

Updated: 2017-09-29

Summary

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.

Vulnerable Configurations

Part	Description	Count
Application	Mail_Machine Mail Machine Mail Machine 3.980 Mail Machine Mail Machine 3.985 Mail Machine Mail Machine 3.987 Mail Machine Mail Machine 3.988 Mail Machine Mail Machine 3.989	5

Exploit-Db

description	Mail Machine <= 3.989 Local File Inclusion Exploit. CVE-2007-3702. Webapps exploit for php platform
file	exploits/php/webapps/4171.pl
id	EDB-ID:4171
last seen	2016-01-31
modified	2007-07-10
platform	php
port
published	2007-07-10
reporter	H4 / XPK
source	https://www.exploit-db.com/download/4171/
title	Mail Machine <= 3.989 - Local File Inclusion Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References