Microengine · Microengine Mailform · CVE-2023-27397
**Name of the Vulnerable Software and Affected Versions**
MicroEngine Mailform versions 1.1.0 through 1.1.8
PostgreSQL (affected versions not specified)
**Description**
MicroEngine Mailform allows unrestricted upload of files with dangerous types. If the file upload function and the server save option are both enabled, a remote attacker may save an arbitrary file on the server and execute it.
A serious flaw in PostgreSQL is being actively exploited, which could lead to data breaches and system compromises.
**Recommendations**
For MicroEngine Mailform versions 1.1.0 through 1.1.8, consider disabling the file upload function and server save option until a patch is available.
For PostgreSQL, update your systems immediately to protect against potential data breaches and system compromises.
As a temporary workaround, restrict access to sensitive areas of the server to minimize the risk of exploitation.