CVE-2019-7213

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 6985

Description The issue allows an authenticated user to perform directory traversal, enabling them to delete arbitrary files or create files in new folders in arbitrary locations on the mail server. This could potentially lead to command execution on the server, for example, by placing files inside the web directories.

Recommendations For versions prior to build 6985, update to build 6985 or later to resolve the issue. As a temporary workaround, consider restricting file access and creation capabilities for authenticated users to minimize the risk of exploitation.