CVE-2023-40747
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| A.K.I Software | pmman.exe (Standard edition) | 2.5.1.12154 and earlier | affected |
| A.K.I Software | pmman.exe (Pro edition) | 2.5.1.12155 and earlier | affected |
| A.K.I Software | pmman.exe (Standard + IMAP4 edition) | 2.5.1.12156 and earlier | affected |
| A.K.I Software | pmman.exe (Pro + IMAP4 edition) | 2.5.1.12157 and earlier | affected |
| A.K.I Software | pmman.exe (Enterprise edition) | 2.5.1.12158 and earlier | affected |
Weaknesses
- Directory traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.