CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-4932

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile29.48th
Published2008年11月5日
Last Modified2026年4月23日

Vulnerability Description

webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.

Affected Platforms (CPE)

📦
Comingchina

U Mail Webmail Server

= 4.91

References & Advisories

🔗 http://secunia.com/advisories/32540
🔗 http://securityreason.com/securityalert/4565
🔗 http://www.securityfocus.com/archive/1/497961/100/0/threaded
🔗 http://www.securityfocus.com/bid/32013
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/46300
🔗 https://www.exploit-db.com/exploits/6898
🔗 http://secunia.com/advisories/32540
🔗 http://securityreason.com/securityalert/4565

相關漏洞威脅

CVE-2004-24957.8

The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service ...

CVE-2011-35796.4

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and po...

CVE-2015-53795.4

Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remo...

CVE-2002-10055.0

ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the em...