Exploit for Zimbra Collaboration Suite mboximport path traversal

## https://sploitus.com/exploit?id=SAINT:71C6FB74337A5A74CDDDB158E8B0AC37
Added: 08/30/2022  


### Background

[Zimbra Collaboration Suite](<https://www.zimbra.com>) is an email, calendar, and collaboration solution for enterprises. 

### Problem

A path traversal vulnerability in the `**mboximport**` function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command execution. 

### Resolution

Upgrade to Zimbra Collaboration Suite 8.8.15 patch 31 or 9.0.0 patch 24 or higher. 

### References

<https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24#Security_Fixes>  


### Platforms

Linux