ID:9450 - Exploit for Path traversal in Zimbra Collaboration - CVE-2022-27925

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:9450 - Exploit for Path traversal in Zimbra Collaboration - CVE-2022-27925

ID:9450 - Exploit for Path traversal in Zimbra Collaboration - CVE-2022-27925

Published: December 19, 2023


Vulnerability identifier: #VU66173
Vulnerability risk: Medium
CVE-ID: CVE-2022-27925
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Zimbra Collaboration

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in file name inside a zip archive in mboximport (MailboxImportServlet). A remote user can upload a specially crafted archive and write files to an arbitrary location on the system.


Remediation

Install update from vendor's website.