CVE-2008-4932

Name of the Vulnerable Software and Affected Versions U-Mail Webmail server version 4.91

Description The issue allows remote attackers to overwrite arbitrary files by providing an absolute pathname in the path parameter and arbitrary content in the content parameter in the webmail/modules/filesystem/edit.php file. This can be leveraged for code execution by writing to a file under the web document root.

Recommendations For U-Mail Webmail server version 4.91, restrict access to the webmail/modules/filesystem/edit.php file to minimize the risk of exploitation. Avoid using the path and content parameters in this file until the issue is resolved.