CVE-2010-5335

Name of the Vulnerable Software and Affected Versions IceWarp Webclient versions prior to 10.2.1

Description The issue allows for directory traversal, potentially resulting in the loss of confidential data from IceWarp Mailserver and the operating system. Input passed via a certain parameter to the script at "basic/minimizer/index.php" is not properly sanitized, enabling exploitation to browse the partition where IceWarp is installed, or the whole system, and read arbitrary files.

Recommendations For versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "basic/minimizer/index.php" script to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected script until the issue is resolved.