IceWarp Less Than 10.4.4 - Local File Inclusion

Sooraj V Nair
Published on
01 Oct 2021

IceWarp Mail Server through 10.4.4 can easily generate local file inclusion vulnerabilities by traversing the webmail/calendar/minimizer/index.php?style directory .


Successful exploitation allows remote attackers to perform unintended actions such as information disclosure, database access, etc.

Mitigation / Precaution

Our recommendation is to update IceWarp Mail Server to the latest version as soon as possible to patch the vulnerabilities.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment