exploitDog

CVE-2023-48382

Опубликовано: 15 дек. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7600-dd072-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7600-dd072-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*

Версия до 230330 (исключая)

EPSS

Процентиль: 56%

0.00342

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-qg7w-3rf4-w97x

CVSS3: 6.5

github

около 2 лет назад

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

EPSS

Процентиль: 56%

0.00342

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22