Vulnerability Details CVE-2018-17542
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.6%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 5.0
References
- https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73
- https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28
- https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73
- https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28
Products affected by CVE-2018-17542
-
cpe:2.3:a:hgiga:oaklouds_mailsherlock:*