CVE-2023-4595
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
BVRP Software · SLmailWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →