CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-26294

HIGH
7.5
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile20.45th
Published2021年3月7日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).

Affected Platforms (CPE)

📦
Afterlogic

Aurora

<= 7.7.9
📦
Afterlogic

Webmail Pro

<= 7.7.9

References & Advisories

🔗 https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md
🔗 https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md

関連する脆弱性情報

CVE-2021-4187310.0

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized a...

CVE-2021-262939.8

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow director...

CVE-2007-00189.3

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allo...

CVE-2010-02498.8

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Window...