provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CPE | Name | Operator | Version |
---|---|---|---|
zarafa_collaboration_platform | le | 7.1.12 | |
zarafa_collaboration_platform | eq | 7.2.0 |