Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AtMail Open-Source CRLF注入漏洞
Vulnerability Description
AtMail是澳大利亚Atmail公司的一款开源的WebMail客户端,它提供Webmail界面、通信录管理、日历等功能,并支持IMAP、视频邮件等。 AtMail Open-Source 1.05版本之前的@Mail WebMail Client中的mime.php中存在CRLF注入漏洞。远程攻击者可利用该漏洞借助file参数中的其后带有..(点 点)的%0A序列执行目录遍历攻击,读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A