CVE-2022-27925
- Reference to the description:
- Description:
- Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
- Last updated date:
- 10/28/2022
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 08/11/2022
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/12/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/14/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/14/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/20/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/22/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/26/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/25/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/01/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/28/2022
- Reference url to background
http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html