Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MailReader.com nph-mr.cgi远程文件泄露漏洞
Vulnerability Description
Mailreader.com是一款由Perl编写基于WEB的POP3邮件阅读程序。 Mailreader中的nph-mr.cgi脚本对configLanguage参数检查不充分,远程攻击者可以利用这个漏洞以WEB权限查看系统任意文件内容。 Mailreader默认安装提供对各种语言的支持,不过nph-mr.cgi脚本对configLanguage的参数输入缺少正确检查,使用多个'./'字符和NULL"毒药",可能以WEB进程权限查看系统任意文件内容。
CVSS Information
N/A
Vulnerability Type
N/A