CVEs-PoC/2010/CVE-2010-5335.md

### [CVE-2010-5335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5335)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

### POC

#### Reference
- https://vuldb.com/?id.142994

#### Github
No PoCs found on GitHub currently.