Directory Traversal Vulnerabilities in IceWarp Mail Server before 11.2

Directory Traversal Vulnerabilities in IceWarp Mail Server before 11.2

CVE-2015-1503 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.

Learn more about our Web App Pen Testing.