Attacker managed to upload files into Web Client directory - Zimbra Forums
forums.zimbra.org