Back to search
CVE-2008-4932
Published: Nov 5, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32540
third-party-advisory
x_refsource_SECUNIA
umail-edit-file-upload(46300)
vdb-entry
x_refsource_XF
20081031 U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability
mailing-list
x_refsource_BUGTRAQ
32013
vdb-entry
x_refsource_BID
4565
third-party-advisory
x_refsource_SREASON
6898
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now