CVE-2023-40747

Summary

Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

Affected Software

VendorProductVersion RangeStatus
A.K.I Softwarepmman.exe (Standard edition)2.5.1.12154 and earlieraffected
A.K.I Softwarepmman.exe (Pro edition)2.5.1.12155 and earlieraffected
A.K.I Softwarepmman.exe (Standard + IMAP4 edition)2.5.1.12156 and earlieraffected
A.K.I Softwarepmman.exe (Pro + IMAP4 edition)2.5.1.12157 and earlieraffected
A.K.I Softwarepmman.exe (Enterprise edition)2.5.1.12158 and earlieraffected

Weaknesses

  • Directory traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References