Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0877


Vulnerability Score 5.0 5.0
CVE Id CVE-2000-0877
Last Modified 05 Sep 2008 04:22:05
Published 14 Nov 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE


Summary CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.

Vulnerable Systems


  • Ranson Johnson Mailform 2.0


BID - 1670

BUGTRAQ - 20000911 Unsafe passing of variables to in MailForm V2.0

XF - mailform-attach-file

Last Updated: 27 May 2016 10:35:54