MailEnable Vulnerabilities in Webmail for version 10.41, 9.84, 8.64 and earlier


DESCRIPTION

There are two webmail vulnerabilities in MailEnable versions 10.41, 9.84 and 8.65 and earlier, both of which can lead to remote code execution by an authenticated mail user.

One is a directory traversal vulnerability, which was reported and documented by GeorgeT, JohnM and JohnB. The other is a lack of validation of a command, which was reported and documented by GeorgeT.

 

RESOLUTION

Upgrading to a later version will resolve the issue. The upgrade is free and does not require you to be under upgrade protection. Upgrades are available from the download page at:

https://www.mailenable.com/download.asp

For details on how to upgrade, please see:

https://www.mailenable.com/?ID=me020040

 



Product: MailEnable
Article: ME020737
Module: General
Keywords:
Class: BUG: Product Defect/Bug
Revised: Friday, December 2, 2022
Author:
Publisher: MailEnable