[原文]NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities.
NOCC Mail Attachment Predictable Temp File Name Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
NOCC contains a flaw that allows an attacker to execute programs remotely. This flaw exists because the application chooses a predictable way to determine temporary filenames for email attachments. This could allow a user to upload a malicious script via an email attachment and execute it, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.