13 matches found
Zimbra Collaboration Server 10.0.x < 10.0.18, 10.1.x < 10.1.13 Local File Inclusion
A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
VulnCheck KEV: CVE-2025-68645
A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
📄 Zimbra Collaboration 10.0 / 10.1 Local File Inclusion
This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration ZCS versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...
Exploit for CVE-2025-68645
zimbramail-CVE-2025-68645-poc A proof-of-concept exp...
CVE-2025-68645
A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
CVE-2025-68645
A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
CVE-2025-68645
A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
CVE-2025-68645
A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
CVE-2025-68645
Summary: CVE-2025-68645 is a Local File Inclusion in Zimbra Collaboration (ZCS) Webmail Classic UI (10.0/10.1) caused by improper handling in the RestFilter servlet. An unauthenticated attacker can craft requests to the /h/rest endpoint to influence internal request dispatching and include arbitr...
EUVD-2024-52646
Malicious code in bioql PyPI...
CVE-2024-54663
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Local File Inclusion LFI vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requir...
Zimbra Collaboration Suite 安全漏洞
Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions 9.0, 10.0, and 10.1, which originates from a local file in an endpoint in the...
CVE-2024-54663
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Local File Inclusion LFI vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requir...