Search criteria
28 vulnerabilities found for MailCleaner by MailCleaner
FKIE_CVE-2024-3194
Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-11 14:09
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
| Source | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| cna@vuldb.com | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.262310 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.262310 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.262310 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.262310 | Third Party Advisory, VDB Entry |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
"matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
"versionEndIncluding": "2023.03.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-262310 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en MailCleaner hasta 2023.03.14 y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida del componente Log File Endpoint es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. VDB-262310 es el identificador asignado a esta vulnerabilidad."
}
],
"id": "CVE-2024-3194",
"lastModified": "2025-04-11T14:09:28.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T07:15:08.070",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262310"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262310"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-3195
Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-10 20:42
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
| Source | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| cna@vuldb.com | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.262311 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.262311 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.262311 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.262311 | Third Party Advisory, VDB Entry |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
"matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
"versionEndIncluding": "2023.03.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en MailCleaner hasta 2023.03.14. Ha sido clasificada como cr\u00edtica. Una parte desconocida del componente Admin Endpoints afecta a una parte desconocida. La manipulaci\u00f3n conduce al recorrido del camino. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-262311."
}
],
"id": "CVE-2024-3195",
"lastModified": "2025-04-10T20:42:17.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T07:15:08.400",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262311"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262311"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-3196
Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-11 14:46
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
| Source | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| cna@vuldb.com | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.262312 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.262312 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.262312 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.262312 | Third Party Advisory, VDB Entry |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
"matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
"versionEndIncluding": "2023.03.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en MailCleaner hasta 2023.03.14. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration del componente SOAP Service. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-262312."
}
],
"id": "CVE-2024-3196",
"lastModified": "2025-04-11T14:46:45.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T07:15:08.740",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262312"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262312"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-3192
Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-10 20:54
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
| Source | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| cna@vuldb.com | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.262308 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.262308 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.262308 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.262308 | Third Party Advisory, VDB Entry |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
"matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
"versionEndIncluding": "2023.03.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262308."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en MailCleaner hasta 2023.03.14 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Admin Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n como parte del mensaje de correo conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador de esta vulnerabilidad es VDB-262308."
}
],
"id": "CVE-2024-3192",
"lastModified": "2025-04-10T20:54:16.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T07:15:07.480",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262308"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262308"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-3191
Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-11 14:49
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Source | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| cna@vuldb.com | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.262307 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.262307 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.262307 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.262307 | Third Party Advisory, VDB Entry |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
"matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
"versionEndIncluding": "2023.03.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en MailCleaner hasta 2023.03.14 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del componente Email Handler. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-262307."
}
],
"id": "CVE-2024-3191",
"lastModified": "2025-04-11T14:49:53.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T07:15:07.080",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262307"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262307"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-3193
Vulnerability from fkie_nvd - Published: 2024-04-29 07:15 - Updated: 2025-04-10 20:46
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Source | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| cna@vuldb.com | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| cna@vuldb.com | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.262309 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.262309 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/pull/601 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/en/advisories/mz-24-01-mailcleaner/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.262309 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.262309 | Third Party Advisory, VDB Entry |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:community:*:*:*",
"matchCriteriaId": "35777107-4DDB-468B-9E78-A534A93A3768",
"versionEndIncluding": "2023.03.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-262309 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en MailCleaner hasta 2023.03.14 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del componente Admin Endpoints es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-262309."
}
],
"id": "CVE-2024-3193",
"lastModified": "2025-04-10T20:46:54.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T07:15:07.773",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262309"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.262309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.262309"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-1010246
Vulnerability from fkie_nvd - Published: 2019-07-18 19:15 - Updated: 2024-11-21 04:18
| URL | Tags | ||
|---|---|---|---|
| josh@bress.net | https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 | Patch, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5D4F87-55D3-4173-B7A0-6B9A17BBC715",
"versionEndExcluding": "2019-01-21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
},
{
"lang": "es",
"value": "MailCleaner anterior a c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 est\u00e1 afectado por: Divulgaci\u00f3n de informaci\u00f3n de la contrase\u00f1a de la base de datos MySQL no autenticada. El impacto es: divulgaci\u00f3n de contenido de la base de datos MySQL (por ejemplo, nombre de usuario, contrase\u00f1a). El componente es: La llamada API en la funci\u00f3n allowAction() en NewslettersController.php. El vector de ataque es: petici\u00f3n HTTP Get. La versi\u00f3n corregida es: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
],
"id": "CVE-2019-1010246",
"lastModified": "2024-11-21T04:18:05.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-18T19:15:11.257",
"references": [
{
"source": "josh@bress.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
],
"sourceIdentifier": "josh@bress.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20323
Vulnerability from fkie_nvd - Published: 2019-03-21 16:00 - Updated: 2024-11-21 04:01
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/ | Exploit, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | 2018.08 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:2018.08:*:*:*:community:*:*:*",
"matchCriteriaId": "B9FE1A43-2201-4139-9681-6557984124AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "www/soap/application/MCSoap/Logs.php en MailCleaner Community Edition 2018.08 permite que los atacantes remotos ejecuten comandos arbitrarios del sistema operativo."
}
],
"id": "CVE-2018-20323",
"lastModified": "2024-11-21T04:01:13.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:00:35.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18635
Vulnerability from fkie_nvd - Published: 2018-10-24 21:29 - Updated: 2024-11-21 03:56
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/MailCleaner/MailCleaner/issues/53 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MailCleaner/MailCleaner/issues/53 | Exploit, Patch, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| mailcleaner | mailcleaner | 2018.08 | |
| mailcleaner | mailcleaner | 2018.09 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:2018.08:*:*:*:community:*:*:*",
"matchCriteriaId": "B9FE1A43-2201-4139-9681-6557984124AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mailcleaner:mailcleaner:2018.09:*:*:*:community:*:*:*",
"matchCriteriaId": "B6EAC4CC-C8C2-4055-89FA-BAEB062E9101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO."
},
{
"lang": "es",
"value": "www/guis/admin/application/controllers/UserController.php en la interfaz de inicio de sesi\u00f3n de administrador en MailCleaner CE 2018.08 y 2018.09 permite Cross-Site Scripting (XSS) mediante PATH_INFO en admin/login/user/message/."
}
],
"id": "CVE-2018-18635",
"lastModified": "2024-11-21T03:56:16.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-24T21:29:01.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-3196 (GCVE-0-2024-3196)
Vulnerability from cvelistv5 – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-78 - OS Command Injection
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0; Affected: 2023.03.1; Affected: 2023.03.2; Affected: 2023.03.3; Affected: 2023.03.4; Affected: 2023.03.5; Affected: 2023.03.6; Affected: 2023.03.7; Affected: 2023.03.8; Affected: 2023.03.9; Affected: 2023.03.10; Affected: 2023.03.11; Affected: 2023.03.12; Affected: 2023.03.13; Affected: 2023.03.14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcleaner",
"vendor": "mailcleaner",
"versions": [
{
"lessThanOrEqual": "2023.03.14",
"status": "affected",
"version": "2023.03.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T20:51:47.070761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:58.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262312 | MailCleaner SOAP Service dumpConfiguration os command injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.262312"
},
{
"name": "VDB-262312 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262312"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"SOAP Service"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312."
},
{
"lang": "de",
"value": "In MailCleaner bis 2023.03.14 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration der Komponente SOAP Service. Mittels Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T09:46:39.153Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262312 | MailCleaner SOAP Service dumpConfiguration os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.262312"
},
{
"name": "VDB-262312 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262312"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T11:45:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner SOAP Service dumpConfiguration os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3196",
"datePublished": "2024-04-29T06:22:44.534Z",
"dateReserved": "2024-04-02T14:22:51.446Z",
"dateUpdated": "2024-08-01T20:05:07.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3195 (GCVE-0-2024-3195)
Vulnerability from cvelistv5 – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-22 - Path Traversal
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0; Affected: 2023.03.1; Affected: 2023.03.2; Affected: 2023.03.3; Affected: 2023.03.4; Affected: 2023.03.5; Affected: 2023.03.6; Affected: 2023.03.7; Affected: 2023.03.8; Affected: 2023.03.9; Affected: 2023.03.10; Affected: 2023.03.11; Affected: 2023.03.12; Affected: 2023.03.13; Affected: 2023.03.14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcleaner",
"vendor": "mailcleaner",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3195",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T11:16:34.962014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:16.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262311 | MailCleaner Admin Endpoints path traversal",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262311"
},
{
"name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262311"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Endpoints"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Admin Endpoints. Mittels dem Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:22:42.675Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262311 | MailCleaner Admin Endpoints path traversal",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262311"
},
{
"name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262311"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Admin Endpoints path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3195",
"datePublished": "2024-04-29T06:22:42.675Z",
"dateReserved": "2024-04-02T14:22:48.769Z",
"dateUpdated": "2024-08-01T20:05:07.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3194 (GCVE-0-2024-3194)
Vulnerability from cvelistv5 – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-79 - Cross Site Scripting
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0; Affected: 2023.03.1; Affected: 2023.03.2; Affected: 2023.03.3; Affected: 2023.03.4; Affected: 2023.03.5; Affected: 2023.03.6; Affected: 2023.03.7; Affected: 2023.03.8; Affected: 2023.03.9; Affected: 2023.03.10; Affected: 2023.03.11; Affected: 2023.03.12; Affected: 2023.03.13; Affected: 2023.03.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:22:27.566395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:57.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262310 | MailCleaner Log File Endpoint cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262310"
},
{
"name": "VDB-262310 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262310"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Log File Endpoint"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-262310 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in MailCleaner bis 2023.03.14 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Komponente Log File Endpoint. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:22:40.854Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262310 | MailCleaner Log File Endpoint cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262310"
},
{
"name": "VDB-262310 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262310"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Log File Endpoint cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3194",
"datePublished": "2024-04-29T06:22:40.854Z",
"dateReserved": "2024-04-02T14:22:45.652Z",
"dateUpdated": "2024-08-01T20:05:07.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3193 (GCVE-0-2024-3193)
Vulnerability from cvelistv5 – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
Problem type: CWE-78 - OS Command Injection
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T17:43:34.575455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:33.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262309 | MailCleaner Admin Endpoints os command injection",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262309"
},
{
"name": "VDB-262309 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262309"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Endpoints"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-262309 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In MailCleaner bis 2023.03.14 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente Admin Endpoints. Durch die Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:22:38.861Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262309 | MailCleaner Admin Endpoints os command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262309"
},
{
"name": "VDB-262309 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262309"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Admin Endpoints os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3193",
"datePublished": "2024-04-29T06:22:38.861Z",
"dateReserved": "2024-04-02T14:22:43.107Z",
"dateUpdated": "2024-08-01T20:05:07.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3192 (GCVE-0-2024-3192)
Vulnerability from cvelistv5 – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
Problem type: CWE-79 - Cross Site Scripting
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:18:13.981404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:27.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262308 | MailCleaner Admin Interface cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.262308"
},
{
"name": "VDB-262308 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262308"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Interface"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262308."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Admin Interface. Mit der Manipulation durch Mail Message kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T09:45:06.885Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262308 | MailCleaner Admin Interface cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.262308"
},
{
"name": "VDB-262308 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262308"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T11:45:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Admin Interface cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3192",
"datePublished": "2024-04-29T06:22:37.114Z",
"dateReserved": "2024-04-02T14:22:39.907Z",
"dateUpdated": "2024-08-01T20:05:08.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3191 (GCVE-0-2024-3191)
Vulnerability from cvelistv5 – Published: 2024-04-29 06:21 – Updated: 2024-08-27 17:34
Problem type: CWE-78 - OS Command Injection
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262307 | MailCleaner Email os command injection",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262307"
},
{
"name": "VDB-262307 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262307"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcleaner",
"vendor": "mailcleaner",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T13:41:22.311410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T17:34:56.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Email Handler"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in MailCleaner bis 2023.03.14 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Email Handler. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:21:47.288Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262307 | MailCleaner Email os command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262307"
},
{
"name": "VDB-262307 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262307"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Email os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3191",
"datePublished": "2024-04-29T06:21:47.288Z",
"dateReserved": "2024-04-02T14:22:37.552Z",
"dateUpdated": "2024-08-27T17:34:56.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010246 (GCVE-0-2019-1010246)
Vulnerability from cvelistv5 – Published: 2019-07-18 18:04 – Updated: 2024-08-05 03:07
Problem type: Unauthenticated MySQL database password information disclosure
| Vendor | Product | Version |
|---|---|---|
| MailCleaner | MailCleaner | Affected: before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9] |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailCleaner",
"vendor": "MailCleaner",
"versions": [
{
"status": "affected",
"version": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated MySQL database password information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-18T18:04:34",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailCleaner",
"version": {
"version_data": [
{
"version_value": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
}
]
}
}
]
},
"vendor_name": "MailCleaner"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated MySQL database password information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9",
"refsource": "MISC",
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010246",
"datePublished": "2019-07-18T18:04:34",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-05T03:07:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20323 (GCVE-0-2018-20323)
Vulnerability from cvelistv5 – Published: 2019-03-17 21:38 – Updated: 2024-08-05 11:58
Problem type: n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T21:38:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"name": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/",
"refsource": "MISC",
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20323",
"datePublished": "2019-03-17T21:38:18",
"dateReserved": "2018-12-20T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18635 (GCVE-0-2018-18635)
Vulnerability from cvelistv5 – Published: 2018-10-24 21:00 – Updated: 2024-08-05 11:15
Problem type: n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MailCleaner/MailCleaner/issues/53",
"refsource": "MISC",
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"name": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8",
"refsource": "MISC",
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18635",
"datePublished": "2018-10-24T21:00:00",
"dateReserved": "2018-10-24T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3196 (GCVE-0-2024-3196)
Vulnerability from nvd – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
Problem type: CWE-78 - OS Command Injection
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcleaner",
"vendor": "mailcleaner",
"versions": [
{
"lessThanOrEqual": "2023.03.14",
"status": "affected",
"version": "2023.03.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T20:51:47.070761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:58.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262312 | MailCleaner SOAP Service dumpConfiguration os command injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.262312"
},
{
"name": "VDB-262312 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262312"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"SOAP Service"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects the function getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration of the component SOAP Service. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262312."
},
{
"lang": "de",
"value": "In MailCleaner bis 2023.03.14 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion getStats/Services_silentDump/Services_stopStartMTA/Config_saveDateTime/Config_hostid/Logs_StartGetStat/dumpConfiguration der Komponente SOAP Service. Mittels Manipulieren mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T09:46:39.153Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262312 | MailCleaner SOAP Service dumpConfiguration os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.262312"
},
{
"name": "VDB-262312 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262312"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T11:45:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner SOAP Service dumpConfiguration os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3196",
"datePublished": "2024-04-29T06:22:44.534Z",
"dateReserved": "2024-04-02T14:22:51.446Z",
"dateUpdated": "2024-08-01T20:05:07.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3195 (GCVE-0-2024-3195)
Vulnerability from nvd – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-22 - Path Traversal
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcleaner",
"vendor": "mailcleaner",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3195",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T11:16:34.962014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:16.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262311 | MailCleaner Admin Endpoints path traversal",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262311"
},
{
"name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262311"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Endpoints"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Admin Endpoints. Mittels dem Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:22:42.675Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262311 | MailCleaner Admin Endpoints path traversal",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262311"
},
{
"name": "VDB-262311 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262311"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Admin Endpoints path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3195",
"datePublished": "2024-04-29T06:22:42.675Z",
"dateReserved": "2024-04-02T14:22:48.769Z",
"dateUpdated": "2024-08-01T20:05:07.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3194 (GCVE-0-2024-3194)
Vulnerability from nvd – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-79 - Cross Site Scripting
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:22:27.566395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:57.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262310 | MailCleaner Log File Endpoint cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262310"
},
{
"name": "VDB-262310 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262310"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Log File Endpoint"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-262310 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in MailCleaner bis 2023.03.14 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Komponente Log File Endpoint. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:22:40.854Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262310 | MailCleaner Log File Endpoint cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262310"
},
{
"name": "VDB-262310 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262310"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Log File Endpoint cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3194",
"datePublished": "2024-04-29T06:22:40.854Z",
"dateReserved": "2024-04-02T14:22:45.652Z",
"dateUpdated": "2024-08-01T20:05:07.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3193 (GCVE-0-2024-3193)
Vulnerability from nvd – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-78 - OS Command Injection
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T17:43:34.575455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:33.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262309 | MailCleaner Admin Endpoints os command injection",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262309"
},
{
"name": "VDB-262309 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262309"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Endpoints"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-262309 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In MailCleaner bis 2023.03.14 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente Admin Endpoints. Durch die Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:22:38.861Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262309 | MailCleaner Admin Endpoints os command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262309"
},
{
"name": "VDB-262309 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262309"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Admin Endpoints os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3193",
"datePublished": "2024-04-29T06:22:38.861Z",
"dateReserved": "2024-04-02T14:22:43.107Z",
"dateUpdated": "2024-08-01T20:05:07.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3192 (GCVE-0-2024-3192)
Vulnerability from nvd – Published: 2024-04-29 06:22 – Updated: 2024-08-01 20:05
- CWE-79 - Cross Site Scripting
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:18:13.981404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:27.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262308 | MailCleaner Admin Interface cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.262308"
},
{
"name": "VDB-262308 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262308"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Interface"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-262308."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in MailCleaner bis 2023.03.14 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Admin Interface. Mit der Manipulation durch Mail Message kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T09:45:06.885Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262308 | MailCleaner Admin Interface cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.262308"
},
{
"name": "VDB-262308 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262308"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T11:45:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Admin Interface cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3192",
"datePublished": "2024-04-29T06:22:37.114Z",
"dateReserved": "2024-04-02T14:22:39.907Z",
"dateUpdated": "2024-08-01T20:05:08.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3191 (GCVE-0-2024-3191)
Vulnerability from nvd – Published: 2024-04-29 06:21 – Updated: 2024-08-27 17:34
- CWE-78 - OS Command Injection
| Vendor | Product | Version |
|---|---|---|
| n/a | MailCleaner | Affected: 2023.03.0, 2023.03.1, 2023.03.2, 2023.03.3, 2023.03.4, 2023.03.5, 2023.03.6, 2023.03.7, 2023.03.8, 2023.03.9, 2023.03.10, 2023.03.11, 2023.03.12, 2023.03.13, 2023.03.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262307 | MailCleaner Email os command injection",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262307"
},
{
"name": "VDB-262307 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262307"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mailcleaner",
"vendor": "mailcleaner",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T13:41:22.311410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T17:34:56.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Email Handler"
],
"product": "MailCleaner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023.03.0"
},
{
"status": "affected",
"version": "2023.03.1"
},
{
"status": "affected",
"version": "2023.03.2"
},
{
"status": "affected",
"version": "2023.03.3"
},
{
"status": "affected",
"version": "2023.03.4"
},
{
"status": "affected",
"version": "2023.03.5"
},
{
"status": "affected",
"version": "2023.03.6"
},
{
"status": "affected",
"version": "2023.03.7"
},
{
"status": "affected",
"version": "2023.03.8"
},
{
"status": "affected",
"version": "2023.03.9"
},
{
"status": "affected",
"version": "2023.03.10"
},
{
"status": "affected",
"version": "2023.03.11"
},
{
"status": "affected",
"version": "2023.03.12"
},
{
"status": "affected",
"version": "2023.03.13"
},
{
"status": "affected",
"version": "2023.03.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Imfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in MailCleaner bis 2023.03.14 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Email Handler. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T06:21:47.288Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262307 | MailCleaner Email os command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262307"
},
{
"name": "VDB-262307 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262307"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-24-01-mailcleaner/"
},
{
"tags": [
"exploit"
],
"url": "https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/MailCleaner/MailCleaner/pull/601"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-23T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2024-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-29T08:26:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "MailCleaner Email os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3191",
"datePublished": "2024-04-29T06:21:47.288Z",
"dateReserved": "2024-04-02T14:22:37.552Z",
"dateUpdated": "2024-08-27T17:34:56.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010246 (GCVE-0-2019-1010246)
Vulnerability from nvd – Published: 2019-07-18 18:04 – Updated: 2024-08-05 03:07 – Problem type: Unauthenticated MySQL database password information disclosure
| Vendor | Product | Version |
|---|---|---|
| MailCleaner | MailCleaner | Affected: before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9] |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailCleaner",
"vendor": "MailCleaner",
"versions": [
{
"status": "affected",
"version": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated MySQL database password information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-18T18:04:34",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailCleaner",
"version": {
"version_data": [
{
"version_value": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
}
]
}
}
]
},
"vendor_name": "MailCleaner"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated MySQL database password information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9",
"refsource": "MISC",
"url": "https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010246",
"datePublished": "2019-07-18T18:04:34",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-05T03:07:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20323 (GCVE-0-2018-20323)
Vulnerability from nvd – Published: 2019-03-17 21:38 – Updated: 2024-08-05 11:58 – Problem type: n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T21:38:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151056/Mailcleaner-Remote-Code-Execution.html"
},
{
"name": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/",
"refsource": "MISC",
"url": "https://pentest.blog/advisory-mailcleaner-community-edition-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20323",
"datePublished": "2019-03-17T21:38:18",
"dateReserved": "2018-12-20T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18635 (GCVE-0-2018-18635)
Vulnerability from nvd – Published: 2018-10-24 21:00 – Updated: 2024-08-05 11:15 – Problem type: n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MailCleaner/MailCleaner/issues/53",
"refsource": "MISC",
"url": "https://github.com/MailCleaner/MailCleaner/issues/53"
},
{
"name": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8",
"refsource": "MISC",
"url": "https://github.com/MailCleaner/MailCleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18635",
"datePublished": "2018-10-24T21:00:00",
"dateReserved": "2018-10-24T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201810-0208
Vulnerability from variot - Updated: 2023-12-18 13:48
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. MailCleaner CE contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. MailCleaner CE is an open source anti-spam gateway. The product is deployed between the mail infrastructure and the Internet and has features such as virus protection. A cross-site scripting vulnerability exists in the www/guis/admin/application/controllers/UserController.php file that manages the login interface in MailCleaner CE 2018.08 and 2010.09. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending PATH_INFO to the admin/login/user/message/ page.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mailcleaner",
"scope": "eq",
"trust": 2.4,
"vendor": "mailcleaner",
"version": "2018.08"
},
{
"model": "mailcleaner",
"scope": "eq",
"trust": 2.4,
"vendor": "mailcleaner",
"version": "2018.09"
},
{
"model": "ce",
"scope": "eq",
"trust": 0.6,
"vendor": "mailcleaner",
"version": "2018.08"
},
{
"model": "ce",
"scope": "eq",
"trust": 0.6,
"vendor": "mailcleaner",
"version": "2018.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mailcleaner:mailcleaner:2018.08:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mailcleaner:mailcleaner:2018.09:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18635"
}
]
},
"cve": "CVE-2018-18635",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18635",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-21846",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-18635",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18635",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-21846",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1227",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. MailCleaner CE Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MailCleanerCE is an open source anti-spam gateway. The product is deployed between the mail infrastructure and the Internet and has features such as virus protection. A cross-site scripting vulnerability exists in the www/guis/admin/application/controllers/UserController.php file that manages the login interface in MailCleanerCE2018.08 and 2010.09. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending PATH_INFO to the admin/login/user/message/ page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "CNVD",
"id": "CNVD-2018-21846"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18635",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-21846",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"id": "VAR-201810-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
}
]
},
"last_update_date": "2023-12-18T13:48:09.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug fix - Issue #53",
"trust": 0.8,
"url": "https://github.com/mailcleaner/mailcleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
},
{
"title": "Security bug - Reflected XSS #53",
"trust": 0.8,
"url": "https://github.com/mailcleaner/mailcleaner/issues/53"
},
{
"title": "Patch for MailCleanerCE Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/143243"
},
{
"title": "MailCleaner CE Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "NVD",
"id": "CVE-2018-18635"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://github.com/mailcleaner/mailcleaner/commit/5f90a52785672fc688c1f85e472e84b8a0d008d8"
},
{
"trust": 1.6,
"url": "https://github.com/mailcleaner/mailcleaner/issues/53"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18635"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18635"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"date": "2018-10-24T21:29:01.217000",
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011338"
},
{
"date": "2018-12-06T15:32:36.900000",
"db": "NVD",
"id": "CVE-2018-18635"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MailCleaner CE Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21846"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1227"
}
],
"trust": 0.6
}
}