CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-22794

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.3%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 7.5

References

https://www.gov.il/en/departments/faq/cve_advisories
https://www.gov.il/en/departments/faq/cve_advisories

Products affected by CVE-2022-22794

Cybonet » Pineapp Mail Secure » Version: N/A

cpe:2.3:a:cybonet:pineapp_mail_secure:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-22794

Products

Pricing

Contact Us