An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.
References
Link | Resource |
---|---|
https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/ | Exploit Third Party Advisory |
History
21 Nov 2024, 05:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/ - Exploit, Third Party Advisory |
Information
Published : 2021-03-04 21:15
Updated : 2024-11-21 05:56
NVD link : CVE-2021-26293
Mitre link : CVE-2021-26293
CVE.ORG link : CVE-2021-26293
Products Affected
afterlogic
- webmail_pro
- aurora
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')