server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation14 reference(s) from NVD