CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26294

HIGH
7.5
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile20.45th
PublishedMar 7, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).

Affected Platforms (CPE)

📦
Afterlogic

Aurora

<= 7.7.9
📦
Afterlogic

Webmail Pro

<= 7.7.9

References & Advisories

🔗 https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md
🔗 https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md

Related Vulnerabilities

CVE-2021-4187310.0

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized a...

CVE-2021-262939.8

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow director...

CVE-2007-00189.3

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allo...

CVE-2010-02498.8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Window...