CVE-2017-9846 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Magicwinmail	Winmail Server	6.1

Related Weaknesses (CWE)

CWE-22

References

http://www.magicwinmail.com/changelog.phpRelease NotesVendor Advisory
https://github.com/zhonghaozhao/winmail/issues/1Issue TrackingPatchThird Party Advisory
http://www.magicwinmail.com/changelog.phpRelease NotesVendor Advisory
https://github.com/zhonghaozhao/winmail/issues/1Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2017-9846?

CVE-2017-9846 is a vulnerability with a CVSS score of 8.8 (HIGH). Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder...

How severe is CVE-2017-9846?

CVE-2017-9846 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9846?

Check the references section above for vendor advisories and patch information. Affected products include: Magicwinmail Winmail Server.