config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| igenus | igenus_webmail | 2.0 |
| igenus | igenus_webmail | 2.01 |
| igenus | igenus_webmail | 2.02 |