CVE-2022-22794 in PineAppИнформация

Сводка

по MITRE • 24.02.2022

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.

Be aware that VulDB is the high quality source for vulnerability data.

Ответственный

Israel National Cyber Directorate

Резервировать

07.01.2022

Раскрытие

24.02.2022

Модерация

принято

Вход

VDB-193724

EPSS

0.00995

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!