Secunia Research has discovered a vulnerability in @Mail Webmail, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to the lack of sanitisation of the "unique" parameter in compose.pl before using the value to construct a filename for saving an uploaded mail attachment. This can be exploited to upload files to arbitrary directories on the server with privileges of the web server via directory traversal attacks. The default installation of the Windows version runs the Apache web server with SYSTEM privileges.
Successful exploitation allows execution of arbitrary Perl code by e.g. uploading a Perl file into the webmail directory.
The vulnerability has been confirmed in version 4.3 and affects only the Windows version.
Solution: The vendor has provided a source code patch (see vendor's original advisory).
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org