CRLF Injection Vulnerability in AtMail Open-Source WebMail Client Allows Directory Traversal and Arbitrary File Reading

CRLF Injection Vulnerability in AtMail Open-Source WebMail Client Allows Directory Traversal and Arbitrary File Reading

CVE-2012-1919 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.

Learn more about our Web App Pen Testing.