Directory Traversal Vulnerability in SquirrelMail 1.4.22 Allows Unauthorized File Exfiltration
CVE-2018-8741 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
Learn more about our Cis Benchmark Audit For Server Software.