CVE-2010-3460

AXIGEN Mail Server 7.4.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3460. PoCs published by Bogdan Calin.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Axigen Webmail 7.4.1 by using URL-encoded backslashes to traverse directories and access sensitive files like `win.ini`. The PoC provides a clear example of the attack vector without requiring authentication.

Description

Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bogdan Calin · textremotewindows

https://www.exploit-db.com/exploits/34622

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Axigen Webmail 7.4.1 by using URL-encoded backslashes to traverse directories and access sensitive files like `win.ini`. The PoC provides a clear example of the attack vector without requiring authentication.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Axigen Webmail 7.4.1

No auth needed

Prerequisites: Access to the vulnerable Axigen Webmail instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/1009-exploits/axigen741-traversal.txt

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2415

Patch, Vendor Advisory x_refsource_confirm

http://www.axigen.com/press/product-releases/axigen-releases-version-742_74.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/61826

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/68027

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41430

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/43230

Various Sources x_refsource_misc

http://www.acunetix.com/blog/news/directory-traversal-axigen/

Scores

EPSS 0.0836

EPSS Percentile 94.2%

Details

CWE

CWE-22

Status published

Products (40)

gecad/axigen_mail_server

gecad/axigen_mail_server 1.0.1

gecad/axigen_mail_server 1.0.2

gecad/axigen_mail_server 1.0.5

gecad/axigen_mail_server 1.0.6

gecad/axigen_mail_server 1.0.7

gecad/axigen_mail_server 1.1.0 (2 CPE variants)

gecad/axigen_mail_server 1.1.1

gecad/axigen_mail_server 1.2.0 (2 CPE variants)

gecad/axigen_mail_server 1.2.3

... and 30 more

Published Sep 17, 2010

Tracked Since Feb 18, 2026