Afterlogic Aurora and Webmail Pro <= v67.7.9 - Unauthorised Administrative Login due to Retrieval of Credentials via Path Traversal Exploit (CVE-2021-26294)

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9.

The products allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).

This vulnerability was reported to have been exploited 'in the wild' during February 2025.

Update to the latest version.

• https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md

• https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-22&host_type=src&vulnerability=cve-2021-26294