← back
CVE-2013-7091

CVE-2013-7091

EPSS 86.2%
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
Affected products
n/a · n/a
public PoCs found5
cve_referencewww.exploit-db.com/exploits/30085unverifiedcve_referencewww.exploit-db.com/exploits/30472unverifiedexploitdbwww.exploit-db.com/exploits/30085unverifiedexploitdbwww.exploit-db.com/exploits/30472unverifiedcve_referencepacketstormsecurity.com/files/124321unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/100747http://packetstormsecurity.com/files/124321https://exchange.xforce.ibmcloud.com/vulnerabilities/89527http://www.exploit-db.com/exploits/30085http://www.exploit-db.com/exploits/30472http://www.securityfocus.com/bid/64149