Path Traversal in Pineapp Mail-secure

CVE-2013-6827

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (42.3th percentile) — read the EPSS interpretation.

Affected products

Pineapp Mail-secure
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

20131119 pineapp mailsecure pwnage (mailing-list, x_refsource_FULLDISC)