Vulnerability Description
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Comingchina | U-Mail Webmail Server | 4.91 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32540
- http://securityreason.com/securityalert/4565
- http://www.securityfocus.com/archive/1/497961/100/0/threaded
- http://www.securityfocus.com/bid/32013Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46300
- https://www.exploit-db.com/exploits/6898
- http://secunia.com/advisories/32540
- http://securityreason.com/securityalert/4565
- http://www.securityfocus.com/archive/1/497961/100/0/threaded
- http://www.securityfocus.com/bid/32013Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46300
- https://www.exploit-db.com/exploits/6898
FAQ
What is CVE-2008-4932?
CVE-2008-4932 is a vulnerability with a CVSS score of 9.0 (HIGH). webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the conte...
How severe is CVE-2008-4932?
CVE-2008-4932 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4932?
Check the references section above for vendor advisories and patch information. Affected products include: Comingchina U-Mail Webmail Server.