CVE-2018-25180

Name of the Vulnerable Software and Affected Versions Maitra version 1.7.2

Description The software contains a SQL injection flaw that permits authenticated attackers to run arbitrary SQL queries by submitting malicious code via the mailid parameter within the outmail and inmail modules. Attackers can also directly download the SQLite database file from the application directory, potentially exposing sensitive mail tracking data and credentials.

Recommendations Update to a newer version that contains a fix for this vulnerability.