CVE ID : CVE-2024-54663

Published : Dec. 19, 2024, 11:15 p.m. | 1 hour, 1 minute ago

Description : An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…