SmarterTools · SmarterMail · CVE-2025-52691
**Name of the Vulnerable Software and Affected Versions**
SmarterTools SmarterMail versions prior to 100.0.9413
SmarterTools SmarterMail versions prior to 9483
**Description**
An unrestricted upload of files with dangerous types allows an unauthenticated attacker to upload arbitrary files to any location on the mail server. This can potentially enable remote code execution by allowing the attacker to place harmful binaries or web shells on the server that execute with the same permissions as the SmarterMail service. Reconnaissance activity has been detected targeting the API endpoint '/api/v1/licensing/about' to retrieve version information and identify vulnerable instances.
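An added example (not part of the original advisory, and not SmarterTools code): a Python log hunt for the version-probe requests described above, grouped by client IP. It assumes the web front end writes IIS W3C extended logs with a `#Fields:` header; the sample log lines, paths other than the probed endpoint, and IP addresses are constructed.

```python
from collections import defaultdict

PROBE_PATH = "/api/v1/licensing/about"  # endpoint named in the advisory

# Constructed sample log (IIS W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2025-01-01 10:00:01 GET /api/v1/licensing/about - - 203.0.113.7 python-requests/2.31 200
2025-01-01 10:00:02 GET /constructed/page - alice 198.51.100.20 Mozilla/5.0 200
2025-01-01 10:00:05 GET /API/v1/Licensing/About/ - - 203.0.113.7 python-requests/2.31 200
2025-01-01 10:03:00 GET /api/v1/licensing/about - - 192.0.2.44 curl/8.4.0 401
truncated row
"""


def find_version_probes(lines):
    """Group requests for PROBE_PATH by client IP."""
    fields, hits = [], defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # layout may change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive; ignore a trailing slash too.
        if row.get("cs-uri-stem", "").lower().rstrip("/") != PROBE_PATH:
            continue
        hits[row.get("c-ip", "unknown")].append(row)
    return dict(hits)


def summarize(hits):
    """Return (ip, request_count, anonymous, got_200) tuples, busiest first."""
    out = []
    for ip, rows in hits.items():
        anonymous = all(r.get("cs-username", "-") == "-" for r in rows)
        got_200 = any(r.get("sc-status") == "200" for r in rows)
        out.append((ip, len(rows), anonymous, got_200))
    return sorted(out, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for entry in summarize(find_version_probes(SAMPLE_LOG.splitlines())):
        print(entry)
```

Sources that received a 200 while anonymous are the ones to correlate with later upload requests and with new files under the web root.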
**Recommendations**
Update SmarterTools SmarterMail to version 100.0.9413 or later.
Update SmarterTools SmarterMail to version 9483 or later.
Implement file upload restrictions and use web application firewalls to minimize the risk of exploitation.