CVE-2018-5700

2018-01-1420:00:00

mitre

www.cve.org

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.

References

github.com/0xWfox/Winmail/blob/master/Winmail_6.2.md