CVE-2023-4595
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
BVRP Software · SLmail¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →