Dninh

**Name of the Vulnerable Software and Affected Versions** SOGo version 5.12.7 **Description** An issue in the Access Control List management functionality allows authenticated users to extract arbitrary data from the database. This is achieved by injecting SQL subqueries through the `uid` parameter of the "/addUserInAcls" endpoint. Attackers can use malicious SQL code to write extracted data into the `sogo acl` table and subsequently retrieve it via the "/acls" API, creating an out-of-band data exfiltration channel. **Recommendations** As a temporary workaround, restrict access to the "/addUserInAcls" endpoint or avoid using the `uid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmarterTools SmarterMail versions prior to 9560 **Description** An issue in the '/api/v1/report/summary/{type}' API endpoint allows authenticated users to perform local file inclusion, enabling the reading of arbitrary .json files on the system. This can be combined with hardcoded keys and weak encryption algorithms to decrypt and access stored passwords and 2FA secrets for all users. **Recommendations** Update to build 9560 or later. Restrict access to the '/api/v1/report/summary/{type}' API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MailEnable Enterprise Premium versions prior to 10.56 **Description** Improper authorization in the WebAdmin mobile portal allows attackers to bypass authentication checks by reusing `AuthenticationToken` cookies generated for low-privileged users. An attacker can obtain a token from the 'WebMail login' endpoint using the `PersistentLogin` parameter and replay it against the WebAdmin portal to perform highly privileged administrative actions. **Recommendations** Update to a version later than 10.55.