PT-2020-12681 · Superwebmailer · Superwebmailer

Published

2020-07-14

Updated

2021-07-21

CVE-2020-11546

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SuperWebMailer version 7.21.0.01526

Description The issue allows an unauthenticated remote attacker to execute arbitrary PHP code via code injection in the Language parameter of the "mailingupgrade.php" endpoint.

Recommendations For SuperWebMailer version 7.21.0.01526, consider restricting access to the "mailingupgrade.php" endpoint until a patch is available, and avoid using the Language parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-11546

Affected Products

Superwebmailer

PT-2020-12681 · Superwebmailer · Superwebmailer

CVE-2020-11546

Weakness Enumeration

Related Identifiers

Affected Products

References · 3