[] NeoSense
E X P L O I T S
title author type platform port cve id

W3Mail 1.0.6 - File Disclosure

Author: Tim Brown
type: webapps
platform: cgi
port: nan
date_added: 2002-11-12 
date_updated: 2012-10-16 
verified: 1 
codes: CVE-2002-2399;OSVDB-59173 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/6170/info

Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open() function as the filename argument without being sanitized. Attackers may cause any file on the filesystem to open by specifying its relative path using directory traversal characters.

viewAttachment.cgi?file=../../../../../etc/passwd
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.