← CVECheck
HomeVulnerabilities

CVE-2002-1385 — HIGH severity vulnerability (openwebmail_init in Open WebMail 1.81 and earlier allows loc)

openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

CVE IDCVE-2002-1385
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2002-12-26
Last modified2026-04-16
Descriptionopenwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →