Mimemail
Monthly
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.