A vulnerability has been identified in QuarkMail, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by an input validation error in the "cgi-bin/get_message.cgi" script that does not validate the "tf" parameter, which could be exploited to download arbitrary files via a directory traversal attack.
