PT-2024-24312 · Unknown · Mailcleaner

Michael Imfeld

Published

2024-04-28

Updated

2025-03-21

CVE-2024-3195

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MailCleaner versions up to 2023.03.14

Description A critical issue affects an unknown part of the component Admin Endpoints, leading to path traversal. The manipulation can be initiated remotely. The issue has been disclosed publicly and may be exploited.

Recommendations Apply a patch to fix this issue for versions up to 2023.03.14. As a temporary workaround, consider restricting access to the Admin Endpoints until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-3195

Affected Products

Mailcleaner

PT-2024-24312 · Unknown · Mailcleaner

CVE-2024-3195

Weakness Enumeration

Related Identifiers

Affected Products

References · 11