SmarterMail Directory Traversal Vulnerability

Summary
This host is running SmarterMail and is prone to a directory traversal vulnerability.
Impact
Successful exploitation could allow remote authenticated users to read and write directories and files, and to perform malicious operations. Impact Level: Application
Solution
Upgrade to version 7.2.3925 or later. For updates refer to http://www.smartertools.com/smartermail/mail-server-software.aspx
Insight
The flaw is due to an error in 'FileStorageUpload.ashx', which fails to validate the input value passed to the 'name' parameter. This allows remote attackers to read arbitrary files via a '../', '%5C' or '%255c' sequence in the 'name' parameter.
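One way to validate a file-name parameter against the three forms named above, shown as an added example (not SmarterMail's code or the vendor's fix). The function names, the allowed character set and the decode limit are assumptions.

```python
import os
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: more layers than this is never legitimate
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]{0,254}")  # assumed policy


def fully_decode(value):
    """Percent-decode until stable, so '%255c' -> '%5c' -> '\\' is exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def validate_upload_name(raw_name):
    """Return the decoded file name, or raise ValueError if it is unsafe."""
    name = fully_decode(raw_name)
    if "/" in name or "\\" in name or "\x00" in name:
        raise ValueError("path separator or NUL in file name")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("file name outside the allowed character set")
    return name


def resolve_in_store(store_dir, raw_name):
    """Join the validated name to store_dir and confirm it stays inside."""
    base = os.path.realpath(store_dir)
    target = os.path.realpath(os.path.join(base, validate_upload_name(raw_name)))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the storage directory")
    return target


def is_accepted(raw_name):
    """True if the name passes validation, False if it is rejected."""
    try:
        validate_upload_name(raw_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values using the three forms named in the advisory.
    for sample in ["report.pdf", "../web.config", "..%5Cweb.config", "..%255cweb.config"]:
        print(f"{sample!r:24} accepted={is_accepted(sample)}")
```

Decoding to a fixed point before checking is what catches '%255c', which a single decode pass would leave as the harmless-looking '%5c'.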
Affected
SmarterTools SmarterMail 7.1.3876