CVE-2019-7213
MEDIUMSmarterTools SmarterMail <16.x-6985 - Path Traversal
Title source: llmDescription
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
Exploits (1)
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.smartertools.com/smartermail/release-notes/current
Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
Scores
CVSS v3
6.5
EPSS
0.1338
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
smartertools/smartermail
16.0.6345 - 16.3.6985
Published
Apr 24, 2019
Tracked Since
Feb 18, 2026