What is CVE-2021-26294?

CVE-2021-26294 is a vulnerability in N/a. Published 2021-03-07.

Is CVE-2021-26294 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/s…

EPSS: 0.925 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/vulnerability-poc
ARPSyndicate/cvemon
E3SEC/AfterLogic
EdgeSecurityTeam/Vulnerability
J1ezds/Vulnerability-Wiki-page
KayCHENvip/vulnerability-poc
NaInSec/CVE-PoC-in-GitHub
SYRTI/POC_
SexyBeast233/SecBooks
Threekiii/Awesome-POC

References

github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-info… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-26294?: CVE-2021-26294 is a vulnerability in N/a. Published 2021-03-07.
Is CVE-2021-26294 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.