CVE-2004-1206

pnTresMailer 6.0.3 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1206. PoCs published by John Cobb.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in pnTresMailer version 6.03, allowing arbitrary file retrieval via unsanitized input in the 'filetodownload' parameter. No actual exploit code is present, only a description and example URL.

Description

Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by John Cobb · textwebappsphp

https://www.exploit-db.com/exploits/24783

View Code ZIP pw:eip

The provided text describes a directory traversal vulnerability in pnTresMailer version 6.03, allowing arbitrary file retrieval via unsanitized input in the 'filetodownload' parameter. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: pnTresMailer 6.03

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11767

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110149886306037&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18263

Scores

EPSS 0.0745

EPSS Percentile 93.7%

Details

Status published

Published Jan 10, 2005

Tracked Since Feb 18, 2026