CVE-2023-48381

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:31

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html - Third Party Advisory

20 Dec 2023, 13:42

Type Values Removed Values Added
First Time Softnext
Softnext mail Sqr Expert
CPE cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*
References () https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html - () https://www.twcert.org.tw/tw/cp-132-7599-461d5-1.html - Third Party Advisory
CWE CWE-22

15 Dec 2023, 13:42

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 09:15

Updated : 2024-11-21 08:31


NVD link : CVE-2023-48381

Mitre link : CVE-2023-48381

CVE.ORG link : CVE-2023-48381


JSON object : View

Products Affected

softnext

  • mail_sqr_expert
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')