CVE-2010-3486

SmarterMail 7.1.3876 - Path Traversal

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-3486. PoCs published by Hoyt LLC Research, sqlhacker.

AI-analyzed exploit summary: This is a detailed writeup describing multiple vulnerabilities in SmarterMail 7.x, including Stored XSS, Reflected XSS, Directory Traversal, and others. It provides technical details, timelines, and references to public disclosures but does not include executable exploit code.

Description

Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Hoyt LLC Research · text · webapps · asp
https://www.exploit-db.com/exploits/16955

This is a detailed writeup describing multiple vulnerabilities in SmarterMail 7.x, including Stored XSS, Reflected XSS, Directory Traversal, and others. It provides technical details, timelines, and references to public disclosures but does not include executable exploit code.

Classification: Writeup 100%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail 7.x
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by sqlhacker · text · webapps · asp
https://www.exploit-db.com/exploits/15189

This is a detailed writeup describing LDAP injection and stored XSS vulnerabilities in SmarterMail 7.x (7.2.3925). It includes exploit patterns, proof-of-concept examples, and remediation advice but does not contain executable exploit code.

Classification: Writeup 90%
Attack Type: XSS | LDAP Injection
Complexity: Moderate
Reliability: Reliable
Target: SmarterMail 7.x (7.2.3925)
Auth required
Prerequisites: Access to SmarterMail web interface · Valid credentials to create events
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by sqlhacker · text · remote · windows
https://www.exploit-db.com/exploits/15048

This is a writeup describing multiple vulnerabilities in SmarterMail 7.x, including directory traversal and OS command injection. It provides examples of payloads and paths but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: SmarterMail 7.x (7.1.3876)
Auth required
Prerequisites: User-level privileges · Access to vulnerable SmarterMail installation
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43324
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61910
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15048

Scores

EPSS: 0.0313
EPSS Percentile: 86.2%

Details

CWE: CWE-22
Status: published
Products (1): smartertools/smartermail 7.1.3876
Published: Sep 22, 2010
Tracked Since: Feb 18, 2026