CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4932

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile29.48th
PublishedNov 5, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.

Affected Platforms (CPE)

πŸ“¦
Comingchina

U Mail Webmail Server

= 4.91

References & Advisories

πŸ”— http://secunia.com/advisories/32540
πŸ”— http://securityreason.com/securityalert/4565
πŸ”— http://www.securityfocus.com/archive/1/497961/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/32013
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/46300
πŸ”— https://www.exploit-db.com/exploits/6898
πŸ”— http://secunia.com/advisories/32540
πŸ”— http://securityreason.com/securityalert/4565

Related Vulnerabilities

CVE-2004-24957.8

The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service ...

CVE-2011-35796.4

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and po...

CVE-2015-53795.4

Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remo...

CVE-2002-10055.0

ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the em...