Описание
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
Ссылки
- Patch
- Vendor Advisory
- URL Repurposed
- Patch
- Vendor Advisory
- URL Repurposed
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.0 (включая)
cpe:2.3:a:mailmarshal:mailmarshal_smtp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00919
Низкий
7.6 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
EPSS
Процентиль: 76%
0.00919
Низкий
7.6 High
CVSS2
Дефекты
NVD-CWE-Other