[zubspace]

According to [1] mailinabox seems to be not affected.

[1] https://github.com/mail-in-a-box/mailinabox/issues/1663#issu...

[jacquesm]

Good news, and good to see them respond so fast as well. I looked through the config files (could not get the exploit to work for some reason) and found the exact offending lines and jumped to the wrong conclusion. Weird how the config appears to have the exact setup that NextCloud has and yet it does not seem to be exploitable. Wonder why that is.

[emptysands]

Exploit required specific combination of software and config lines. MIAB didn't have those lines.

That's not to say another similar exploit might have worked a different way. Luckily that bug is patched now.