cpe:/a:comingchina:u-mail_webmail_server:4.91 CVE-2008-4932 2008-11-05T10:00:14.663-05:00 2017-10-18T21:30:14.987-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-11-05T15:09:00.000-05:00 BUGTRAQ 20081031 U-Mail Webmail 'edit.php' Arbitrary File Write Vulnerability BID 32013 SECUNIA 32540 SREASON 4565 EXPLOIT-DB 6898 XF umail-edit-file-upload(46300) webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web document root.