CVE-2019-7213

MEDIUM

SmarterTools SmarterMail <16.x-6985 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7213. PoCs published by secunnix.

AI-analyzed exploit summary This exploit PoC targets CVE-2019-7213, a directory traversal vulnerability in SmarterMail. It authenticates, uploads a file, and then moves it to a privileged location via a path traversal attack.

Description

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.

Exploits (1)

nomisec WORKING POC 1 stars
by secunnix · poc
https://github.com/secunnix/CVE-2019-7213

This exploit PoC targets CVE-2019-7213, a directory traversal vulnerability in SmarterMail. It authenticates, uploads a file, and then moves it to a privileged location via a path traversal attack.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: SmarterMail (version not specified)
Auth required
Prerequisites: Valid credentials for the target SmarterMail instance · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.4211
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
smartertools/smartermail 16.0.6345 - 16.3.6985
Published Apr 24, 2019
Tracked Since Feb 18, 2026