Vulnerability Details : CVE-2000-0977
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
Exploit prediction scoring system (EPSS) score for CVE-2000-0977
Probability of exploitation activity in the next 30 days: 6.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2000-0977
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2000-0977
-
http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Exploit;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/5358
-
http://www.securityfocus.com/bid/1807
Exploit;Vendor Advisory
Products affected by CVE-2000-0977
- cpe:2.3:a:oatmeal_studios:mail_file:1.10:*:*:*:*:*:*:*