CVE-2002-2331
published 2002-12-31CVE-2002-2331: W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be…
PriorityP425medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EPSS
2.08%
79.1th percentile
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cascadesoft | w3mail | — | — |
| cascadesoft | w3mail | — | — |
| cascadesoft | w3mail | — | — |
| cascadesoft | w3mail | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2002-12-31
Published