Two webmail vulnerabilities in MailEnable versions 10.41, 9.84 and 8.65 and earlier can each lead to remote code execution by an authenticated mail user.
One is a directory traversal vulnerability, which was reported and documented by GeorgeT, JohnM and JohnB. The other is a lack of validation of a command, which was reported and documented by GeorgeT.
Upgrading to a later version resolves the issue. The upgrade is free and does not require you to be under upgrade protection. Upgrades are available from the download page at:
For details on how to upgrade please see:
| Class: | BUG: Product Defect/Bug |
| Revised: | Friday, December 2, 2022 |