The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from an HTTP POST, which could allow local users to steal sensitive information like a password file.
Exploitability
AV:L AC:L Au:N
Impact
C:P I:P A:N
3.6/AV:L/AC:L/Au:N/C:P/I:P/A:N