mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 02:45:46 +02:00
0xMarcio
824 B
824 B
CVE-2010-3486
Description
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
POC
Reference
- http://cloudscan.blogspot.com/2010/09/smarter-stats-533819-file-fuzzing.html
- http://packetstormsecurity.org/1009-exploits/smartermail-traversal.txt
Github
No PoCs found on GitHub currently.