Vulnerability CVE-2022-27925


Published: 2022-04-21

Description:
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

See advisories in our WLB2 database:
Topic: Zimbra Zip Path Traversal (Med.)
Author: Ron Bowes
Date: 24.08.2022

Type: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

References:
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24

Copyright 2024, cxsecurity.com

 
