漏洞描述
AfterLogic WebMail Pro 是一个基于浏览器WebEmail客户端,能够很是方便的和现有的消息系统(邮件系统)集成。攻击者可以通过caldav_public_user@localhost用户登录,不需要其它用户信息就可以读取配置文件从而获得敏感信息。
Afterlogic Aurora & WebMail Pro 任意文件读取(CVE-2021-26294)
PoC代码
暂无相关漏洞推荐
- POC CVE-2005-2428: Lotus Domino R5 and R6 WebMail - Information Disclosure
- POC CVE-2017-7855: IceWarp WebMail 11.3.1.5 - Cross-Site Scripting
- POC CVE-2020-27982: IceWarp WebMail 11.4.5.0 - Cross-Site Scripting
- POC CVE-2020-8512: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
- POC CVE-2021-26292: AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure
- POC CVE-2021-26294: AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure
- POC CVE-2022-31470: Axigen WebMail - Cross-Site Scripting
- POC CVE-2023-38192: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
- POC CVE-2023-38194: SuperWebMailer - Cross-Site Scripting
- POC CVE-2023-40355: Axigen WebMail - Cross-Site Scripting
- POC CVE-2024-24131: SuperWebMailer 9.31.0.01799 - Cross-Site Scripting
- POC aurora-copy-tags-snap: Aurora Snapshot Tag Copy
- POC aurora-delete-protect: Aurora Cluster Deletion Protection