IlohaMail Attachment Upload Vulnerability Network Vulnerability

Summary

The target is running at least one instance of IlohaMail version 0.7.9-RC2 or earlier. Such versions do not properly check the upload path for file attachments, which may allow an attacker to place a file on the target in a location writable by the web user if the file-based backend is in use. For a discussion of this vulnerability, see : http://ilohamail.org/forum/view_thread.php?topic_id=5&id=561 ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number of IlohaMail ***** installed there.

Solution

Upgrade to IlohaMail version 0.7.9 or later.

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
3Com NBX VoIP NetSet Detection
Apache Rave User Information Disclosure Vulnerability
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities