CVE-2002-1527

EMU Webmail 5.0 - Information Disclosure via Malformed Script String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1527. PoCs published by FVS.

AI-analyzed exploit summary This is a writeup describing an information leakage vulnerability in Emumail. By injecting unexpected characters into web mail forms, an attacker can trigger an error that reveals the web root directory path.

Description

emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by FVS · textwebappscgi
https://www.exploit-db.com/exploits/21877

This is a writeup describing an information leakage vulnerability in Emumail. By injecting unexpected characters into web mail forms, an attacker can trigger an error that reveals the web root directory path.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Emumail (version not specified)
No auth needed
Prerequisites: Access to Emumail web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10204.php
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5823
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10205.php
Exploit, Patch, Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html

Scores

EPSS 0.0748
EPSS Percentile 93.7%

Details

Status published
Products (1)
emumail/emu_webmail 5.0
Published Apr 02, 2003
Tracked Since Feb 18, 2026