CVE-2020-37141

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.31

Description AMSS++ version 4.31 has a SQL injection issue in the mail module’s maildetail.php script. The issue is present through the id parameter. An attacker can manipulate the id parameter in the /modules/mail/main/maildetail.php script to inject malicious SQL queries, potentially allowing access or modification of database contents.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the maildetail.php script or the id parameter within that script until a patch is available.