CVE-2018-18703

HIGH

PhpTpoint Mailing Server Using File Handling 1.0 - Unauthenticated Arbitrary File Read via Directory Traversal

Title source: llm

Description

PhpTpoint Mailing Server Using File Handling 1.0 contains multiple arbitrary file read vulnerabilities in different sections of the application. They allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the coninb, consent, contrsh, condrft, or conspam parameter of Mailserver_filesystem/home.php.

Scores

CVSS v3: 7.5
EPSS: 0.0408
EPSS Percentile: 89.5%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1): phptpoint/mailing_server_using_file_handling 1.0
Published: Oct 29, 2018
Tracked Since: Feb 18, 2026