Information from futomi Co., Ltd.

*Overview

MP Form Mail CGI Professional Edition contains a directory traversal vulnerability.

*Products Affected

This vulnerability was confirmed to exist in version 3.2.3 and earlier.

*Impact

Users who is logging in the administration menu of MP Form Mail CGI Professional Edition may download arbitrary files in the server which the CGI is installed.

*Solution

Update to the latest version. You can find the details of installation in the manual (Japanese) of MP Form Mail CGI Professional Edition.
http://www.futomi.com/library/manual/mpmailp/index.html