Arbitrary File Attachment Vulnerability in Mime Mail Module for Drupal

Arbitrary File Attachment Vulnerability in Mime Mail Module for Drupal

CVE-2012-4495 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.

Learn more about our User Device Pen Test.