IlohaMail index.php init_lang Parameter Arbitrary File Access

medium Nessus Plugin ID 14630

Synopsis

The remote web server is running a PHP application that is affected by an information disclosure vulnerability.

Description

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user.

Solution

Upgrade to IlohaMail version 0.7.11 or later.

See Also

http://www.nessus.org/u?066bde18

Plugin Details

Severity: Medium

ID: 14630

File Name: ilohamail_arbitrary_file_access_via_lang.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 9/2/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Vulnerability Publication Date: 3/4/2003