TVN ID | TVN-202312009 |
---|---|
CVE ID | CVE-2023-48380 |
CVSS | 7.4 (Medium) CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products | Softnext Mail SQR Expert before v230330 |
Description | Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. |
Solution | Update version to 230430 |
Credit | Fi Liu(CHT Security) |
Public Date | 2023-12-15 |