CVE-2000-0911 Information

Description

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable which causes IMP to send the file to the attacker as an attachment.

Reference

http://www.securityfocus.com/archive/1/82088 http://www.securityfocus.com/bid/1679 https://exchange.xforce.ibmcloud.com/vulnerabilities/5227