File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGfi Archiver
APPGfi< 15.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2026-2038CRITICAL9.8PL ✓ten sam produkt
GFI Archiver MArc.Core — pominięcie autoryzacji (Authentication Bypass)
CVE-2026-2039CRITICAL9.8PL ✓ten sam produkt
GFI Archiver: Pominięcie autoryzacji w MArc.Store umożliwia RCE jako SYSTEM
CVE-2024-11948CRITICAL9.8PL ✓ten sam produkt
GFI Archiver – RCE przez podatną wersję Telerik Web UI
CVE-2026-2036HIGH8.8ten sam produkt
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabil...
CVE-2026-2037HIGH8.8ten sam produkt
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabili...