CVE-2005-0313

Magic Winmail Server 4.0 Build 1112 - Directory Traversal and Arbitrary File Upload via upload.php and download.php

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0313. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Magic Winmail Server's Webmail interface, allowing arbitrary file uploads. The PoC uploads a PHP file with a reverse shell payload to a traversed directory path.

Description

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textwebappsphp

https://www.exploit-db.com/exploits/25065

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Magic Winmail Server's Webmail interface, allowing arbitrary file uploads. The PoC uploads a PHP file with a reverse shell payload to a traversed directory path.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Magic Winmail Server 4.0 (Build 1112)

No auth needed

Prerequisites: Network access to the target server · Webmail interface exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →