SmarterMail Build 9406 and earlier is vulnerable to arbitrary file upload. An unauthenticated attacker can upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
Sends a GET request to /interface/root#/login, confirms SmarterMail is present via the ng-app="smartermail" directive, extracts the version and build number from the stProductVersion JavaScript variable, and flags instances as vulnerable if the build number is less than or equal to 9406 as per csa.gov.sg's alert:
The vulnerability affects SmarterMail versions Build 9406 and earlier.
- Download and install Nuclei.
- Clone this repostory to your local system.
- Run the following command:
nuclei -u <ip|fqdn> -t template.yaml
Or if you would like to scan a list of hosts, execute:
nuclei -l <list.txt> -t template.yaml
Example Output
- https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124
- https://www.smartertools.com/smartermail
- https://github.com/projectdiscovery/nuclei
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
This project is licensed under the MIT License.
If you have any questions about this vulnerability detection script please reach out to me via Signal.
If you would like to connect, I am mostly active on Twitter/X and LinkedIn.