Search criteria
2 vulnerabilities found for MailSherlock by OAKlouds
CVE-2018-17542 (GCVE-0-2018-17542)
Vulnerability from cvelistv5 – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
VLAI?
Title
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
Summary
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Severity ?
4.3 (Medium)
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OAKlouds | MailSherlock |
Affected:
unspecified , < 1.5.235
(custom)
|
Credits
Researcher from a Technology enterprise
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5.235",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Researcher from a Technology enterprise"
}
],
"datePublic": "2018-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T19:57:01",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
"ID": "CVE-2018-17542",
"STATE": "PUBLIC",
"TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.5.235"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Researcher from a Technology enterprise"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2018-17542",
"datePublished": "2019-02-11T20:00:00Z",
"dateReserved": "2018-09-26T00:00:00",
"dateUpdated": "2024-09-16T18:54:20.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17542 (GCVE-0-2018-17542)
Vulnerability from nvd – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
VLAI?
Title
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
Summary
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Severity ?
4.3 (Medium)
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OAKlouds | MailSherlock |
Affected:
unspecified , < 1.5.235
(custom)
|
Credits
Researcher from a Technology enterprise
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5.235",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Researcher from a Technology enterprise"
}
],
"datePublic": "2018-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T19:57:01",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
"ID": "CVE-2018-17542",
"STATE": "PUBLIC",
"TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.5.235"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Researcher from a Technology enterprise"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2018-17542",
"datePublished": "2019-02-11T20:00:00Z",
"dateReserved": "2018-09-26T00:00:00",
"dateUpdated": "2024-09-16T18:54:20.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}