PT-2023-8668 · Unknown · Mailsherlock

Dong-Jie Chen

Publicado

2023-03-27

Atualizado

2023-04-02

CVE-2023-24841

CVSS v2.0

8.3

Alta

Vetor

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MailSherlock (affected versions not specified)

Description The issue is related to insufficient filtering for user input in the MailSherlock query function for connection logs. This allows an authenticated remote attacker with administrator privileges to inject and execute arbitrary system commands, potentially leading to disruption of service or performance of arbitrary system operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2024-01450

CVE-2023-24841

Produtos afetados

Mailsherlock

PT-2023-8668 · Unknown · Mailsherlock

CVE-2023-24841

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4