Vulnerabilities > Magicwinmail

DATE CVE VULNERABILITY TITLE RISK
2018-01-14 CVE-2018-5700 Path Traversal vulnerability in Magicwinmail Winmail Server
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.
network
low complexity
magicwinmail CWE-22
8.8
2017-06-24 CVE-2017-9846 Path Traversal vulnerability in Magicwinmail Winmail Server 6.1
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
network
low complexity
magicwinmail CWE-22
8.8