PT-2019-7237 · Mailenable · Mailenable
Soroush Dalili
·
Publicado
2019-01-16
·
Atualizado
2019-01-17
·
CVE-2015-9277
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MailEnable versions prior to 8.60
Description
The issue allows for Directory Traversal, enabling unauthorized actions such as reading messages of other users, uploading files, and deleting files. This is due to the mishandling of "/../" and "/.. /" sequences.
Recommendations
For MailEnable versions prior to 8.60, update to version 8.60 or later to resolve the issue.
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mailenable