CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26293

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile0.44th
PublishedMar 4, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.

Affected Platforms (CPE)

📦
Afterlogic

Aurora

<= 8.5.3
📦
Afterlogic

Webmail Pro

<= 8.5.3

References & Advisories

🔗 https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/
🔗 https://auroramail.wordpress.com/2021/02/03/addressing-dav-related-vulnerability-in-webmail-and-aurora/

Related Vulnerabilities

CVE-2021-4187310.0

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized a...

CVE-2007-00189.3

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allo...

CVE-2010-02498.8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Window...

CVE-2021-262947.5

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read f...