IceWarp Less Than 10.4.4 - Local File Inclusion

By
Sooraj V Nair
Published on
01 Oct 2021
Vulnerability

IceWarp Mail Server through 10.4.4 can easily generate local file inclusion vulnerabilities by traversing the webmail/calendar/minimizer/index.php?style directory .

Impact

Successful exploitation allows remote attackers to perform unintended actions such as information disclosure, database access, etc.

Mitigation / Precaution

Our recommendation is to update IceWarp Mail Server to the latest version as soon as possible to patch the vulnerabilities.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.