VULHUB ™

iXmail has been reported prone to an arbitrary file upload vulnerability. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it is reportedly possible for an attacker to upload an arbitrary file to a target system. The files placement however is limited to the /tmp directory of the established web root. However, it is still possible to access files in this directory remotely. An authenticated attacker could exploit this vulnerability by uploading malicious PHP code into a file and then making a request for the file.

iXmail has been reported prone to an arbitrary file upload vulnerability. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it is reportedly possible for an attacker to upload an arbitrary file to a target system. The files placement however is limited to the /tmp directory of the established web root. However, it is still possible to access files in this directory remotely. An authenticated attacker could exploit this vulnerability by uploading malicious PHP code into a file and then making a request for the file.