Florian Dewald

**Name of the Vulnerable Software and Affected Versions** SuperWebMailer version 9.00.0.01710 **Description** The issue allows for Export SQL Injection via the `size` parameter. This enables potential attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. **Recommendations** For SuperWebMailer version 9.00.0.01710, avoid using the `size` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SuperWebMailer version 9.00.0.01710 **Description** An issue was discovered that allows for XSS via crafted incorrect passwords in the superadmincreate.php file. **Recommendations** For SuperWebMailer version 9.00.0.01710, as a temporary workaround, consider restricting access to the superadmincreate.php file until a patch is available. Avoid using crafted incorrect passwords in the `password` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SuperWebMailer version 9.00.0.01710 **Description** An issue in SuperWebMailer allows Remote Code Execution via a crafted sendmail command line. **Recommendations** For SuperWebMailer version 9.00.0.01710, consider restricting access to the sendmail command line until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SuperWebMailer version 9.00.0.01710 **Description** An issue was discovered that allows for XSS via a GET parameter in the keepalive.php file. **Recommendations** For SuperWebMailer version 9.00.0.01710, consider restricting access to the keepalive.php file until a patch is available. As a temporary workaround, avoid using the vulnerable GET parameter in the keepalive.php file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SuperWebMailer version 9.00.0.01710 **Description** An issue was discovered in SuperWebMailer that allows spamtest external.php XSS via a crafted filename. The issue is related to the `filename` variable, which can be exploited to execute XSS attacks. **Recommendations** For SuperWebMailer version 9.00.0.01710, consider restricting access to the spamtest external.php file until a patch is available. As a temporary workaround, avoid using crafted filenames that could exploit the XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.