Description
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- A.K.I Software / pmman.exe (Enterprise edition)2.5.1.12158 and earlier – 2.5.1.12158 and earlier
- A.K.I Software / pmman.exe (Pro edition)2.5.1.12155 and earlier – 2.5.1.12155 and earlier
- A.K.I Software / pmman.exe (Pro + IMAP4 edition)2.5.1.12157 and earlier – 2.5.1.12157 and earlier
- A.K.I Software / pmman.exe (Standard edition)2.5.1.12154 and earlier – 2.5.1.12154 and earlier
- A.K.I Software / pmman.exe (Standard + IMAP4 edition)2.5.1.12156 and earlier – 2.5.1.12156 and earlier