Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2008-4932
Last Modified: 26 Feb 2009 02:02:17
Published: 05 Nov 2008 10:00:14
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-4932

Summary

webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.

Vulnerable Systems

Application

  • Comingchina U-mail Webmail Server 4.91


References

XF - umail-edit-file-upload(46300)

BID - 32013

BUGTRAQ - 20081031 U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability

SREASON - 4565

SECUNIA - 32540

MILW0RM - 6898


Last Updated: 27 May 2016 10:48:40