csMailto.cgi contains a flaw that may allow a malicious user to access arbitrary files on the server. The issue is triggered when a hidden form field value is modified. It is possible that the flaw may allow execution of arbitrary commands on the system resulting in a loss of confidentiality.
Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.