PT-2021-16988 · Afterlogic · Afterlogic Aurora, WebMail Pro

Emircan Yildiz · Published 2021-03-07 · Updated 2022-01-11 · CVE-2021-26294

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AfterLogic Aurora versions 7.7.9 and earlier
WebMail Pro versions 7.7.9 and earlier

Description
AfterLogic Aurora and WebMail Pro through version 7.7.9 allow directory traversal via the WebDAV endpoint, which lets an attacker read files outside the intended directory, including the settings.xml file that stores the admin panel credentials. The issue can be demonstrated by requesting the dav/server.php/files/personal/%2e%2e endpoint (%2e%2e is the URL-encoded form of "..") while authenticating as the built-in caldav_public_user account, whose password is caldav_public_user. Because that account and password are fixed defaults, no prior privileges are needed (CVSS PR:N), and the disclosed credentials can then be used against the admin panel.
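To make the traversal concrete, the following Python example (added here; it is not AfterLogic's code and does not reproduce the product's internals) contrasts a naive URL-to-filesystem mapping, in which a decoded %2e%2e walks out of the personal-files root, with a hardened mapping that refuses any resolved path outside that root. It also includes a detection routine that scans combined-format access log lines for requests to the vulnerable endpoint containing a ".." segment after full percent-decoding, so double-encoded variants such as %252e%252e are caught too. The PERSONAL_ROOT path and the sample log lines are constructed for illustration, and the endpoint prefix is taken from the description above.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical on-disk root for a user's personal DAV files. The real Aurora
# layout is not given on the page; this path is an assumption for illustration.
PERSONAL_ROOT = "/var/www/aurora/data/files/personal"
DAV_PREFIX = "/dav/server.php/files/personal"


def resolve_dav_path_vulnerable(request_path):
    """Naive mapping: decode the URL and join it onto the root. A %2e%2e
    segment becomes '..' and walks out of PERSONAL_ROOT."""
    rel = unquote(request_path[len(DAV_PREFIX):]).lstrip("/")
    return posixpath.normpath(posixpath.join(PERSONAL_ROOT, rel))


def resolve_dav_path(request_path):
    """Hardened mapping: same decode-and-join, then refuse any result that is
    neither PERSONAL_ROOT itself nor a descendant of it. Returns None when
    the request would escape the root."""
    if not request_path.startswith(DAV_PREFIX):
        return None
    rel = unquote(request_path[len(DAV_PREFIX):]).lstrip("/")
    candidate = posixpath.normpath(posixpath.join(PERSONAL_ROOT, rel))
    if candidate != PERSONAL_ROOT and not candidate.startswith(PERSONAL_ROOT + "/"):
        return None  # traversal attempt, e.g. %2e%2e or ../
    return candidate


# Apache/nginx combined log format: client, ident, user, [timestamp],
# "METHOD PATH PROTOCOL", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(s, max_rounds=3):
    """Percent-decode until the value stops changing, so a double-encoded
    %252e%252e is also seen as '..'. Bounded to avoid pathological input."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_traversal_request(path):
    """True if the request targets the vulnerable personal-files endpoint and
    contains a '..' path segment after full decoding."""
    decoded = decode_fully(path.split("?", 1)[0])
    if DAV_PREFIX not in decoded:
        return False
    return ".." in decoded.replace("\\", "/").split("/")


def find_traversal_attempts(log_text):
    """Scan combined-format access log text and return
    (ip, method, raw path, status) for each traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_request(m["path"]):
            hits.append((m["ip"], m["method"], m["path"], int(m["status"])))
    return hits


# Constructed sample log lines (not real traffic): two traversal attempts
# from 203.0.113.5, one legitimate DAV listing and one unrelated request.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [07/Mar/2021:10:15:02 +0000] "GET /dav/server.php/files/personal/%2e%2e/%2e%2e/settings/settings.xml HTTP/1.1" 200 2319 "-" "curl/7.68.0"
198.51.100.7 - - [07/Mar/2021:10:15:09 +0000] "PROPFIND /dav/server.php/files/personal/ HTTP/1.1" 207 1024 "-" "DAVx5/3.3"
203.0.113.5 - - [07/Mar/2021:10:15:40 +0000] "PROPFIND /dav/server.php/files/personal/%252e%252e HTTP/1.1" 207 512 "-" "curl/7.68.0"
192.0.2.9 - - [07/Mar/2021:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""


if __name__ == "__main__":
    print("vulnerable:", resolve_dav_path_vulnerable(DAV_PREFIX + "/%2e%2e"))
    print("hardened:  ", resolve_dav_path(DAV_PREFIX + "/%2e%2e"))
    for hit in find_traversal_attempts(SAMPLE_ACCESS_LOG):
        print("traversal attempt:", hit)
```

The hardened resolver checks the normalized result rather than filtering the input string, so encoded, mixed-case or nested variants all collapse to the same decision. The detection side deliberately decodes more aggressively than a server normally would, which trades a few false positives for not missing double-encoded probes; a 200 or 207 status on a flagged request is the signal to escalate.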
Recommendations
Update AfterLogic Aurora and WebMail Pro to a version that fixes the directory traversal; versions 7.7.9 and earlier are affected. Until the update is applied, restrict access to the dav/server.php/files/personal/ endpoint (for example at the web server) to reduce the exposure; note that this also blocks legitimate DAV file access through that path.
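As an added illustration of the temporary workaround (not from the original advisory or the vendor), the following Apache 2.4 fragment denies the endpoint at the web server. It assumes the application is served by Apache with the DAV endpoint under /dav; Apache matches Location directives against the decoded request path including the path info after server.php, so the %2e%2e form is covered as well.

```apache
# Temporary mitigation for CVE-2021-26294: deny the vulnerable DAV
# personal-files endpoint until the fixed version is deployed.
# Assumption: Aurora/WebMail Pro is served by Apache 2.4 under this vhost.
<LocationMatch "^/dav/server\.php/files/personal(/|$)">
    Require all denied
</LocationMatch>
```

Reload the configuration and confirm with a request to the endpoint that the server now answers 403 instead of a DAV response; remove the block once the update is in place.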

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-26294

Affected Products

Afterlogic Aurora
Webmail Pro