CVE-2018-17542

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds

CVSS 4.3 MEDIUMEPSS 1.2%

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

OAKlouds · MailSherlock

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73 https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28