漏洞描述
Zimbra Collaboration Suite(ZCS)是美国Zimbra的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite 8.8.15 和 9.0 存在路径遍历漏洞,具有管理员权限的经过身份验证的用户能够将任意文件上传到系统,从而导致目录遍历。
Zimbra Collaboration Suite 路径遍历漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2019-9670: Zimbra Collaboration XXE
- POC CVE-2013-7091: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
- POC CVE-2018-14013: Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting
- POC CVE-2019-9670: Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection
- POC CVE-2020-7796: Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
- POC CVE-2022-27926: Zimbra Collaboration (ZCS) - Cross Site Scripting
- POC CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
- POC CVE-2023-34192: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
- POC CVE-2023-37580: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
- POC CVE-2024-45519: Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
- POC CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
- POC CVE-2019-9621: Zimbra Collaboration Suite - SSRF
- POC CVE-2022-24682: Zimbra Collaboration Suite < 8.8.15 - Improper Encoding