← Zuruck zu CVEs
CVE-2022-40742
MEDIUM6.5
Beschreibung
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/31/2022
Zuletzt geandert5/5/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
softnext:mail_sqr_expert
Schwachen (CWE)
CWE-22CWE-22
Referenzen
https://www.twcert.org.tw/tw/cp-132-6644-d7aac-1.html(twcert@cert.org.tw)
https://www.twcert.org.tw/tw/cp-132-6644-d7aac-1.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.