[原文]MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information.
TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests.
An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root directory. Information disclosed in this way may facilitate further attacks.
MailPost contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a malformed HTTP GET request, which will cause MailPost to respond with error information that will confirm or deny the existence of a file, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.