webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote malicious users to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
comingchina u-mail webmail server 4.91 |