Description
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
Exploits (1)
References (4)
Core 4
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10204.php
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5823
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10205.php
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html
Scores
EPSS
0.0431
EPSS Percentile
89.0%
Details
Status
published
Products (1)
emumail/emu_webmail
5.0
Published
Apr 02, 2003
Tracked Since
Feb 18, 2026