Vulnerability: Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.

Impact

An attacker can read sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server.

Severity

medium

Verified

Unknown