An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.
References
Link | Resource |
---|---|
https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-04T20:32:44
Updated: 2021-03-04T20:32:44
Reserved: 2021-01-27T00:00:00
Link: CVE-2021-26293
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-04T21:15:13.883
Modified: 2021-03-11T14:29:16.760
Link: CVE-2021-26293
JSON object: View
Redhat Information
No data.
CWE