Shennan Wang

Rank: #19125 of 53,635
Total CVSS: 14
Vulnerabilities · 2 (High: 1, Medium: 1)

PT-2008-6108 · CVSS 9.0 · 2008-11-05
U Mail · U-Mail Webmail Server · CVE-2008-4932

**Name of the Vulnerable Software and Affected Versions**
U-Mail Webmail server version 4.91

**Description**
The issue allows remote attackers to overwrite arbitrary files by providing an absolute pathname in the `path` parameter and arbitrary content in the `content` parameter in the webmail/modules/filesystem/edit.php file. This can be leveraged for code execution by writing to a file under the web document root.

**Recommendations**
For U-Mail Webmail server version 4.91, restrict access to the webmail/modules/filesystem/edit.php file to minimize the risk of exploitation. Avoid using the `path` and `content` parameters in this file until the issue is resolved.

PT-2008-2942 · CVSS 5.0 · 2008-03-17
Edior · Ediorcms · CVE-2008-1352

**Name of the Vulnerable Software and Affected Versions**
EdiorCMS (ecms) version 3.0

**Description**
A directory traversal issue exists in the search.php file, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `SearchTemplate` parameter during a Title search.

**Recommendations**
For EdiorCMS (ecms) version 3.0, consider restricting access to the search.php file or limiting the `SearchTemplate` parameter to prevent directory traversal attacks until a patch is available.