SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
References
Link | Resource |
---|---|
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ | Third Party Advisory |
https://www.smartertools.com/smartermail/release-notes/current | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-24T14:46:14
Updated: 2019-04-24T14:46:14
Reserved: 2019-01-29T00:00:00
Link: CVE-2019-7213
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-24T15:29:02.013
Modified: 2019-04-30T16:52:58.293
Link: CVE-2019-7213
JSON object: View
Redhat Information
No data.
CWE