W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-26T19:00:00Z

Updated: 2024-09-17T00:42:18.674Z

Reserved: 2007-10-26T00:00:00Z

Link: CVE-2002-2331

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2002-12-31T05:00:00.000

Modified: 2024-11-20T23:43:25.697

Link: CVE-2002-2331

cve-icon Redhat

No data.