Vulnerability Details : CVE-2002-2331
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2002-2331
Probability of exploitation activity in the next 30 days: 0.63%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-2331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2002-2331
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-2331
Products affected by CVE-2002-2331
- cpe:2.3:a:cascadesoft:w3mail:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cascadesoft:w3mail:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cascadesoft:w3mail:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cascadesoft:w3mail:1.0.5:*:*:*:*:*:*:*