PT-2019-18465 · Smartertools · Smartermail

Published

2019-04-24

Updated

2019-04-30

CVE-2019-7213

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 6985

Description The issue allows an authenticated user to perform directory traversal, enabling them to delete arbitrary files or create files in new folders in arbitrary locations on the mail server. This could potentially lead to command execution on the server, for example, by placing files inside the web directories.

Recommendations For versions prior to build 6985, update to build 6985 or later to resolve the issue. As a temporary workaround, consider restricting file access and creation capabilities for authenticated users to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2019-7213

Affected Products

Smartermail

PT-2019-18465 · Smartertools · Smartermail

CVE-2019-7213

Weakness Enumeration

Related Identifiers

Affected Products

References · 4