Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2018-18703

Description

PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.

POC

Reference

- https://packetstormsecurity.com/files/149965/PHPTPoint-Mailing-Server-Using-File-Handling-1.0-Arbitrary-File-Read.html

Github

No PoCs found on GitHub currently.