VYPR

Mail Machine

by Mail Machine

CVEs (2)

  • CVE-2007-3702Jul 11, 2007
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.

  • CVE-2007-6551Dec 28, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.