Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of the /service/upload servlet in the webmail subsystem. A user can upload executable files (exe, sh, bat, jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zimbra Code Issue Vulnerability
Vulnerability Description
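Zimbra is an open-source email collaboration platform from Zimbra, a US company. A code issue vulnerability exists in the /service/upload program of the Webmail subsystem in Zimbra versions before 8.8.15 Patch 10 and in 9.x versions before 9.0.0 Patch 3. An attacker can exploit this vulnerability to execute code by uploading an executable file.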
CVSS Information
N/A
Vulnerability Type
N/A