| TVN ID | TVN-202312009 |
|---|---|
| CVE ID | CVE-2023-48380 |
| CVSS | 7.4 (Medium) CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Affected Products | Softnext Mail SQR Expert before v230330 |
| Description | Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. |
| Solution | Update version to 230430 |
| Credit | Fi Liu(CHT Security) |
| Public Date | 2023-12-15 |
:::