CVE-2005-3288

Mailsite Express - Unauthenticated Arbitrary File Upload and Remote Code Execution via Compose Page Attachment

Title source: llm
STIX 2.1

Description

Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.

References (1)

Core 1
Core References
Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015063

Scores

EPSS 0.0131
EPSS Percentile 67.0%

Details

CWE
CWE-434
Status published
Products (1)
rockliffe/mailsite_express
Published Oct 23, 2005
Tracked Since Feb 18, 2026