exploitDog

CVE-2023-48381

Опубликовано: 15 дек. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*

Версия до 230330 (исключая)

EPSS

Процентиль: 56%

0.00342

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-66cg-w2v2-4p45

CVSS3: 6.5

github

около 2 лет назад

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

EPSS

Процентиль: 56%

0.00342

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22