Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_webmail | Open_webmail | 1.7 (including) | 1.7 (including) |
Open_webmail | Open_webmail | 1.8 (including) | 1.8 (including) |
Open_webmail | Open_webmail | 1.71 (including) | 1.71 (including) |
Open_webmail | Open_webmail | 1.81 (including) | 1.81 (including) |
Open_webmail | Open_webmail | 1.90 (including) | 1.90 (including) |
Open_webmail | Open_webmail | 2.30 (including) | 2.30 (including) |