Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2013-12-13T18:00:00
Updated: 2017-11-15T17:57:01
Reserved: 2013-12-13T00:00:00
Link: CVE-2013-7091
JSON object: View
NVD Information
Status : Modified
Published: 2013-12-13T18:07:54.780
Modified: 2020-06-04T12:10:19.700
Link: CVE-2013-7091
JSON object: View
Redhat Information
No data.
CWE