Описание
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 16.0.6345 (включая) до 16.3.6985 (исключая)
cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.1338
Средний
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
EPSS
Процентиль: 94%
0.1338
Средний
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-22