PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter.
Add your gear to cvedb and we'll alert you only when phptpoint ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.