High severity8.8NVD Advisory· Published Jun 24, 2017· Updated May 13, 2026

CVE-2017-9846

Description

Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.

Affected products

Magicwinmail/Winmail Server
cpe:2.3:a:magicwinmail:winmail_server:6.1:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/zhonghaozhao/winmail/issues/1nvdIssue TrackingPatchThird Party Advisory
www.magicwinmail.com/changelog.phpnvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000