CVE-2022-22794

Опубликовано: 24 фев. 2022

Источник: nvd

CVSS3: 6.8

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.

Ссылки

https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory
https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cybonet:pineapp_mail_secure:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00876

Низкий

6.8 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-99mx-crvj-r8jm

CVSS3: 9.8

github

почти 4 года назад

EPSS

Процентиль: 75%

0.00876

Низкий

6.8 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89