TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


[TVN] SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds

  • Department: TWCERT/CC
  • Update: 2019-04-15
[REPORT DATE] 11th October, 2018
[INCIDENT DATE] 11th October, 2018
[PRODUCT] OAKlouds MailSherlock
[VERSION] < 1.5.235
[PROBLEM TYPE] SQL Injection
[DESCRIPTION]

A SQL injection vulnerability in OAKlouds MailSherlock before 1.5.235 allows an unauthenticated user to extract the subjects of other users' emails within the enterprise via the select_mid parameter in a letgo.cgi request.

[SOLUTION] Update the software to the latest version.
[CREDIT] Researcher from a Technology enterprise
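
One way to review web server access logs for requests matching the description above, as an added example that is not part of the advisory or the vendor's code: it flags letgo.cgi requests whose select_mid value falls outside an allowlist. The combined log format, the /cgi-bin/ path, the sample lines and the assumption that legitimate select_mid values are short alphanumeric IDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: legitimate select_mid values are short alphanumeric message IDs.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Client IP and request target from a combined-format access log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2018:09:00:01 +0800] '
    '"GET /cgi-bin/letgo.cgi?select_mid=20181011-0042 HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Oct/2018:09:00:05 +0800] '
    '"GET /cgi-bin/letgo.cgi?select_mid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '198.51.100.7 - - [11/Oct/2018:09:00:06 +0800] '
    '"GET /cgi-bin/letgo.cgi?select_mid=1%2527-- HTTP/1.1" 200 9120',
    '203.0.113.5 - - [11/Oct/2018:09:00:09 +0800] '
    '"GET /index.html?select_mid=1%27 HTTP/1.1" 200 100',
]


def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for letgo.cgi hits with an unexpected select_mid."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/letgo.cgi"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes once; blank values are kept so they get flagged too.
        for value in parse_qs(url.query, keep_blank_values=True).get("select_mid", []):
            # Decode a second time so double-encoded input (%2527) is reported in its final form.
            decoded = unquote_plus(value)
            if not SAFE_VALUE.fullmatch(decoded):
                hits.append((m.group("ip"), decoded))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tselect_mid={value!r}")
```

Only query-string parameters appear in access logs; requests that carry select_mid in a POST body need request-body logging or a WAF rule to be visible.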

 
