CVE-2022-27925

Zimbra Collaboration aka ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal...

PT-2021-7280

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 9.0 Description: The issue concerns the mboximport functionality in Zimbra Collaboration, which allows an authenticated user with administrator rights to upload arbitrary files to the system,...