CVE-2018-18703
HIGH
PhpTpoint Mailing Server Using File Handling 1.0 - Unauthenticated Arbitrary File Read via Directory Traversal
Title source: llm
Description
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.
References (1)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/149965/PHPTPoint-Mailing-Server-Using-File-Handling-1.0-Arbitrary-File-Read.html
Scores
CVSS v3
7.5
EPSS
0.0408
EPSS Percentile
89.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
phptpoint/mailing_server_using_file_handling
1.0
Published
Oct 29, 2018
Tracked Since
Feb 18, 2026