CVE-2012-4940

EXPLOITED NUCLEI

Axigen Free Mail Server - Path Traversal

Title source: llm

Exploitation Summary

CVE-2012-4940 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Zhao Liang and juan vazquez, among them the Metasploit module auxiliary/admin/http/axigen_file_access. A Nuclei detection template is also available.

AI-analyzed exploit summary: The exploit demonstrates a directory traversal vulnerability in Axigen Mail Server by using '../' sequences to access sensitive files like 'win.ini'. The PoC provides example URLs to exploit the flaw.

Description

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Zhao Liang · text · remote · windows
https://www.exploit-db.com/exploits/37996

The exploit demonstrates a directory traversal vulnerability in Axigen Mail Server by using '../' sequences to access sensitive files like 'win.ini'. The PoC provides example URLs to exploit the flaw.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Axigen Mail Server
No auth needed
Prerequisites: Network access to the vulnerable server
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by Zhao Liang, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/axigen_file_access.rb

This Metasploit module exploits a directory traversal vulnerability in Axigen WebAdmin to read or delete arbitrary files with SYSTEM privileges on Windows. It requires authentication and has been tested on Axigen 8.10.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Axigen WebAdmin 8.10
Auth required
Prerequisites: Valid credentials for Axigen WebAdmin · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Axigen Mail Server Filename Directory Traversal
MEDIUM · by dhiyaneshDk

References (2)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/586556
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56343

Scores

EPSS 0.7982
EPSS Percentile 99.1%

Details

VulnCheck KEV 2024-09-19
CWE CWE-22
Status published
Products (1)
gecad/axigen_free_mail_server
Published Oct 31, 2012
Tracked Since Feb 18, 2026