CVE-2000-0977

MailFile 1.10 - Info Disclosure

Title source: llm

Description

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dirk Brockhausen · perlremotecgi

https://www.exploit-db.com/exploits/20303

View Code ZIP pw:eip

References (3)

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5358

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/1807

Scores

EPSS 0.0409

EPSS Percentile 88.6%

Details

Status published

Products (1)

oatmeal_studios/mail_file 1.10

Published Dec 19, 2000

Tracked Since Feb 18, 2026