CVE-2007-3702

Mail Machine - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by H4 / XPK · perlwebappsphp

https://www.exploit-db.com/exploits/4171

View Code ZIP pw:eip

References (6)

[Exploit] http://www.securityfocus.com/bid/24852

[Third Party Advisory] http://secunia.com/advisories/26009

[Third Party Advisory, VDB Entry] http://osvdb.org/38452

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2519

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35327

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4171

Scores

EPSS 0.1090

EPSS Percentile 93.4%

Details

Status published

Products (5)

mail_machine/mail_machine 3.980

mail_machine/mail_machine 3.985

mail_machine/mail_machine 3.987

mail_machine/mail_machine 3.988

mail_machine/mail_machine 3.989

Published Jul 11, 2007

Tracked Since Feb 18, 2026