Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote malicious users to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icewarp web mail 5.5.1 |
||
merak mail server 8.2.4r |