Arbitrary File Execution via Directory Traversal in GNU Mailman

CVE-2015-2775 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.

Learn more about our Web Application Penetration Testing UK.