accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter.
Software | From | Fixed in |
---|---|---|
icewarp / web_mail | 3.3.2 | 3.3.2.x |
icewarp / web_mail | 5.2.7 | 5.2.7.x |
icewarp / web_mail | 5.2.8 | 5.2.8.x |