Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.

References

• https://nvd.nist.gov/vuln/detail/CVE-2001-1045
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6873
• http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html
• http://www.securityfocus.com/bid/2995