CVE-2018-5700

CVE: CVE-2018-5700
Published: 2018-01-14T20:29Z
Vendor: magicwinmail
Products: winmail_server
Versions: 6.2,
Description Language: en
Description: Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.
References:
https://github.com/0xWfox/Winmail/blob/master/Winmail_6.2.md