Smartertools: >> Smartermail >> 100.0.7537 Security Vulnerabilities
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVSS Score
10.0
EPSS Score
0.002
Published
2025-12-29
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-11-17
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-11-17
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
CVSS Score
8.1
EPSS Score
0.006
Published
2021-08-17