CVE-2020-14066

HIGH

IceWarp Mail Server 12.3.0.1 - Unrestricted Upload of JavaScript Files

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-14066. PoCs published by networksecure, pinpinsec.

AI-analyzed exploit summary The repository contains only a README.md file referencing CVE-2020-14066, which pertains to insecure permissions in Icewarp Email Server 12.3.0.1. No exploit code or technical details are provided.

Description

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

Exploits (2)

nomisec WRITEUP 1 stars
by networksecure · poc
https://github.com/networksecure/CVE-2020-14066

The repository contains only a README.md file referencing CVE-2020-14066, which pertains to insecure permissions in Icewarp Email Server 12.3.0.1. No exploit code or technical details are provided.

Classification
Writeup 30%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Icewarp Email Server 12.3.0.1
No auth needed
Prerequisites: access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by pinpinsec · poc
https://github.com/pinpinsec/CVE-2020-14066

The repository contains only a README.md file referencing CVE-2020-14066, an insecure permissions vulnerability in Icewarp Email Server 12.3.0.1. No exploit code or technical details are provided.

Classification
Writeup 30%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Icewarp Email Server 12.3.0.1
No auth needed
Prerequisites: Access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://www.icewarp.com/download-premise/server/

Scores

CVSS v3 8.8
EPSS 0.0177
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
icewarp/mail_server 12.3.0.1
Published Jul 15, 2020
Tracked Since Feb 18, 2026