Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from an HTTP POST, which could allow local users to steal sensitive information like a password file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BasiliX Webmail Remote Arbitrary File Disclosure Vulnerability
Vulnerability Description
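BasiliX is a web-based mail application that supports mail attachments, an address book, and multiple languages. BasiliX has a flaw in how it handles attachments that allows a remote attacker to obtain arbitrary files from the system. When a message is composed with an attachment, the uploaded file is not checked properly. When a file is uploaded, PHP sets several global variables, one of which specifies the temporary location where the uploaded file is stored. PHP also generally sets global variables from GET or POST form data, but BasiliX does not check whether the attachment was actually uploaded to the server. If an attacker specifies a system file as the attachment, that system file is sent to the remote attacker as an attachment when the message is sent, resulting in information disclosure.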
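The missing check described above, written as an added PHP example (not BasiliX code): an attachment is accepted only if PHP itself received it as an upload in the current request. The function name `accept_attachment()`, the spool directory and the sample entry are hypothetical.

```php
<?php
// Added illustration; not BasiliX code. accept_attachment() and the spool
// directory are hypothetical names.

/**
 * Accept one attachment described by a $_FILES-style entry.
 * Returns the path of the stored copy, or null when the entry is rejected.
 */
function accept_attachment(array $entry, string $spoolDir): ?string
{
    // The entry must have the shape PHP builds for a completed upload.
    if (!isset($entry['tmp_name'], $entry['error']) || !is_string($entry['tmp_name'])) {
        return null;
    }
    if ($entry['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // Core check: true only for a file PHP received through a multipart
    // upload in this request. A path that arrived as ordinary GET/POST
    // data fails here, whatever it points to.
    if (!is_uploaded_file($entry['tmp_name'])) {
        return null;
    }
    // Store under a server-generated name; the client-supplied file name
    // is never used as a path.
    $dest = rtrim($spoolDir, '/') . '/' . bin2hex(random_bytes(16));
    // move_uploaded_file() repeats the upload check before moving the file.
    return move_uploaded_file($entry['tmp_name'], $dest) ? $dest : null;
}

// Constructed sample: an entry whose tmp_name came from request data
// instead of PHP's upload handling.
$spoofed = [
    'name'     => 'notes.txt',
    'tmp_name' => '/etc/hostname',
    'error'    => UPLOAD_ERR_OK,
    'size'     => 1,
];
$stored = accept_attachment($spoofed, sys_get_temp_dir());
echo $stored === null ? "rejected\n" : "stored at $stored\n";
```

Reading upload metadata only from `$_FILES` and keeping `register_globals` disabled (the setting was removed in PHP 5.4) closes the path by which request data could set the temporary-file variable.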
CVSS Information
N/A
Vulnerability Type
N/A