HomePentest-Tools.com Logo

AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure CVE-2021-26292

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP DELETE request to WebDAV EndPoint with built-in “caldav_public_user@localhost” and it’s the predefined password “caldav_public_user” allows the attacker to obtain web root path.\n

Risk description

No risk description to display.

Recommendation

We recommend you to upgrade the affected software to the latest version, which mitigates this vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Not available
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available