exploitDog

CVE-2017-9846

Опубликовано: 24 июн. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.

Ссылки

http://www.magicwinmail.com/changelog.php
Release Notes
Vendor Advisory
https://github.com/zhonghaozhao/winmail/issues/1
Issue Tracking
Patch
Third Party Advisory
http://www.magicwinmail.com/changelog.php
Release Notes
Vendor Advisory
https://github.com/zhonghaozhao/winmail/issues/1
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magicwinmail:winmail_server:6.1:-:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01438

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-h6gg-6vf7-hrjf

CVSS3: 8.8

github

больше 3 лет назад

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.

EPSS

Процентиль: 80%

0.01438

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-22