CVE-2010-5334

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions prior to 10.2.1

Description The issue allows for directory traversal, potentially resulting in the loss of confidential data from IceWarp Mailserver and the operating system. Input passed via the c parameter to "basic/index.html" is not properly sanitized, enabling exploitation to browse the partition where IceWarp is installed and read arbitrary files.

Recommendations For versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "basic/index.html" endpoint to minimize the risk of exploitation. Avoid using the c parameter in the affected endpoint until the issue is resolved.