High severity8.8NVD Advisory· Published Jun 24, 2017· Updated Jun 17, 2026
CVE-2017-9846
CVE-2017-9846
Description
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:magicwinmail:winmail_server:6.1:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:magicwinmail:winmail_server:6.1:-:*:*:*:*:*:*
- (no CPE)range: =6.1
Patches
Vulnerability mechanics
References
2- github.com/zhonghaozhao/winmail/issues/1nvdIssue TrackingPatchThird Party Advisory
- www.magicwinmail.com/changelog.phpnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.