CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-1999-1051
https://notcve.org/view.php?id=CVE-1999-1051
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. • http://www.securityfocus.com/archive/1/34939 •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 4CVE-1999-1050 – Matt Wright - 'FormHandler.cgi' 2.0 Reply Attachment
https://notcve.org/view.php?id=CVE-1999-1050
Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template. • https://www.exploit-db.com/exploits/19620 http://www.securityfocus.com/archive/1/34600 http://www.securityfocus.com/archive/1/34939 http://www.securityfocus.com/bid/798 http://www.securityfocus.com/bid/799 https://exchange.xforce.ibmcloud.com/vulnerabilities/3550 •