Search criteria
10 vulnerabilities by AcyMailing
CVE-2024-7384 (GCVE-0-2024-7384)
Vulnerability from cvelistv5 – Published: 2024-08-22 02:02 – Updated: 2024-08-22 14:26
VLAI?
Title
AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function
Summary
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
7.5 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acyba | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress |
Affected:
* , ≤ 9.7.2
(semver)
|
Credits
Arkadiusz Hydzik
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acymailing",
"vendor": "acymailing",
"versions": [
{
"lessThanOrEqual": "9.7.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T14:09:52.644438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:26:47.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress",
"vendor": "acyba",
"versions": [
{
"lessThanOrEqual": "9.7.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arkadiusz Hydzik"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T02:02:02.326Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c747bc9-582c-4b9f-85a4-469c446d50f5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/acymailing/trunk/back/libraries/wordpress/file.php#L47"
},
{
"url": "https://wordpress.org/plugins/acymailing/#developers"
},
{
"url": "https://www.acymailing.com/changelog/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Facymailing\u0026old=3118953\u0026new_path=%2Facymailing\u0026new=3137644\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3137644/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-21T13:54:14.000+00:00",
"value": "Disclosed"
}
],
"title": "AcyMailing \u003c= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-7384",
"datePublished": "2024-08-22T02:02:02.326Z",
"dateReserved": "2024-08-01T14:30:24.680Z",
"dateUpdated": "2024-08-22T14:26:47.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41867 (GCVE-0-2023-41867)
Vulnerability from cvelistv5 – Published: 2023-09-25 18:41 – Updated: 2024-09-23 20:05
VLAI?
Title
WordPress AcyMailing SMTP Newsletter Plugin <= 8.6.2 is vulnerable to Cross Site Scripting (XSS)
Summary
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcyMailing Newsletter Team | AcyMailing |
Affected:
n/a , ≤ 8.6.2
(custom)
|
Credits
Rafshanzani Suhada (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/acymailing/wordpress-acymailing-plugin-8-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T20:05:11.180832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T20:05:20.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "acymailing",
"product": "AcyMailing",
"vendor": "AcyMailing Newsletter Team",
"versions": [
{
"changes": [
{
"at": "8.6.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.6.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafshanzani Suhada (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;8.6.2 versions.\u003c/span\u003e"
}
],
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin \u003c=\u00a08.6.2 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T18:41:54.912Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/acymailing/wordpress-acymailing-plugin-8-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;8.6.3 or a higher version."
}
],
"value": "Update to\u00a08.6.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress AcyMailing SMTP Newsletter Plugin \u003c= 8.6.2 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-41867",
"datePublished": "2023-09-25T18:41:54.912Z",
"dateReserved": "2023-09-04T11:35:57.267Z",
"dateUpdated": "2024-09-23T20:05:20.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39971 (GCVE-0-2023-39971)
Vulnerability from cvelistv5 – Published: 2023-08-17 20:06 – Updated: 2024-10-20 04:33
VLAI?
Title
Extension - acymailing.com - XSS in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3
Summary
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Affected:
6.7.0-8.6.3
|
Credits
Joomla Security Strike Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:01.484633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:11:36.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:27.361Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - XSS in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39971",
"datePublished": "2023-08-17T20:06:40.974Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:27.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39972 (GCVE-0-2023-39972)
Vulnerability from cvelistv5 – Published: 2023-08-17 20:06 – Updated: 2024-10-20 04:33
VLAI?
Title
Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3
Summary
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Affected:
6.7.0-8.6.3
|
Credits
Joomla Security Strike Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T19:48:33.885440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:48:41.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists."
}
],
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:20.711Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39972",
"datePublished": "2023-08-17T20:06:39.150Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:20.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39974 (GCVE-0-2023-39974)
Vulnerability from cvelistv5 – Published: 2023-08-17 20:06 – Updated: 2024-10-20 04:33
VLAI?
Title
Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3
Summary
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Affected:
6.7.0-8.6.3
|
Credits
Joomla Security Strike Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T19:47:55.762491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:48:05.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list."
}
],
"value": "Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:25.578Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39974",
"datePublished": "2023-08-17T20:06:39.321Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:25.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39973 (GCVE-0-2023-39973)
Vulnerability from cvelistv5 – Published: 2023-08-17 20:06 – Updated: 2024-10-20 04:33
VLAI?
Title
Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3
Summary
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Affected:
6.7.0-8.6.3
|
Credits
Joomla Security Strike Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T19:49:07.081674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:49:14.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns."
}
],
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:20.343Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39973",
"datePublished": "2023-08-17T20:06:35.442Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:20.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28733 (GCVE-0-2023-28733)
Vulnerability from cvelistv5 – Published: 2023-03-30 11:27 – Updated: 2025-02-11 19:17
VLAI?
Title
Stored XSS affecting the AcyMailing plugin for Joomla
Summary
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office.
This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcyMailing | Newsletter Plugin for Joomla in the Enterprise version |
Affected:
0 , < 8.3.0
(git)
|
Credits
Raphaël Arrouas (Xel)
Bug Bounty Switzerland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:37.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.acymailing.com/change-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bugbounty.ch/advisories/CVE-2023-28733"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:17:01.611706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:17:17.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Newsletter Plugin for Joomla in the Enterprise version ",
"vendor": "AcyMailing",
"versions": [
{
"lessThan": "8.3.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rapha\u00ebl Arrouas (Xel)"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Bug Bounty Switzerland"
}
],
"datePublic": "2023-03-30T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign\u0027s creation on front-office. \u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eThis issue affects AnyMailing Joomla Plugin\u0026nbsp;Enterprise in versions below 8.3.0. \u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign\u0027s creation on front-office. \n\nThis issue affects AnyMailing Joomla Plugin\u00a0Enterprise in versions below 8.3.0. \n\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T11:27:40.884Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://www.acymailing.com/change-log/"
},
{
"url": "https://www.bugbounty.ch/advisories/CVE-2023-28733"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eupdate to a fixed version (\u0026gt;= 8.3.0)\u003c/p\u003e"
}
],
"value": "update to a fixed version (\u003e= 8.3.0)\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-06T11:00:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2023-03-09T11:00:00.000Z",
"value": "Initial vendor notification"
},
{
"lang": "en",
"time": "2023-03-10T11:00:00.000Z",
"value": "Initial vendor response"
},
{
"lang": "en",
"time": "2023-03-20T11:00:00.000Z",
"value": "Releasion of fixed version"
},
{
"lang": "en",
"time": "2023-03-30T10:00:00.000Z",
"value": "Coordinated public disclosure"
}
],
"title": "Stored XSS affecting the AcyMailing plugin for Joomla ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2023-28733",
"datePublished": "2023-03-30T11:27:40.884Z",
"dateReserved": "2023-03-22T09:53:07.889Z",
"dateUpdated": "2025-02-11T19:17:17.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28732 (GCVE-0-2023-28732)
Vulnerability from cvelistv5 – Published: 2023-03-30 11:26 – Updated: 2025-02-11 20:10
VLAI?
Title
Missing access control affecting the AcyMailing plugin for Joomla
Summary
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office.
This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcyMailing | Newsletter Plugin for Joomla |
Affected:
0 , < 8.3.0
(git)
|
Credits
Raphaël Arrouas (Xel)
Bug Bounty Switzerland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.acymailing.com/change-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/acyba/acymailing/releases/tag/v8.3.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bugbounty.ch/advisories/CVE-2023-28732"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T20:08:02.489166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:10:17.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Newsletter Plugin for Joomla ",
"repo": "https://github.com/acyba/acymailing/",
"vendor": "AcyMailing",
"versions": [
{
"lessThan": "8.3.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rapha\u00ebl Arrouas (Xel)"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Bug Bounty Switzerland"
}
],
"datePublic": "2023-03-30T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing access control in\u0026nbsp;AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign\u0027s creation on front-office. \u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eThis issue affects AnyMailing Joomla Plugin in versions below 8.3.0. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Missing access control in\u00a0AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign\u0027s creation on front-office. \n\nThis issue affects AnyMailing Joomla Plugin in versions below 8.3.0. \n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T11:26:27.209Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://www.acymailing.com/change-log/"
},
{
"url": "https://github.com/acyba/acymailing/releases/tag/v8.3.0"
},
{
"url": "https://www.bugbounty.ch/advisories/CVE-2023-28732"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eupdate to a fixed version (\u0026gt;= 8.3.0)\u003c/p\u003e"
}
],
"value": "update to a fixed version (\u003e= 8.3.0)\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-01T11:00:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2023-03-09T11:00:00.000Z",
"value": "Initial vendor notification"
},
{
"lang": "en",
"time": "2023-03-10T11:00:00.000Z",
"value": "Initial vendor response"
},
{
"lang": "en",
"time": "2023-03-20T11:00:00.000Z",
"value": "Releasion of fixed version"
},
{
"lang": "en",
"time": "2023-03-30T10:00:00.000Z",
"value": "Coordinated public disclosure "
}
],
"title": "Missing access control affecting the AcyMailing plugin for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2023-28732",
"datePublished": "2023-03-30T11:26:27.209Z",
"dateReserved": "2023-03-22T09:53:07.889Z",
"dateUpdated": "2025-02-11T20:10:17.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28731 (GCVE-0-2023-28731)
Vulnerability from cvelistv5 – Published: 2023-03-30 11:25 – Updated: 2025-02-11 20:11
VLAI?
Title
Unauthenticated RCE affecting the AcyMailing plugin for Joomla
Summary
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected.
This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
Severity ?
9.8 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcyMailing | Newsletter Plugin for Joomla in the Enterprise version |
Affected:
0 , < 8.3.0
(git)
|
Credits
Raphaël Arrouas (Xel)
Bug Bounty Switzerland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.acymailing.com/change-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bugbounty.ch/advisories/CVE-2023-28731"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T20:10:51.852642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:11:00.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Newsletter Plugin for Joomla in the Enterprise version",
"vendor": "AcyMailing",
"versions": [
{
"lessThan": "8.3.0",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rapha\u00ebl Arrouas (Xel)"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Bug Bounty Switzerland"
}
],
"datePublic": "2023-03-30T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eAnyMailing Joomla Plugin is vulnerable to\u0026nbsp;unauthenticated remote code execution,\u0026nbsp;when being granted access to the campaign\u0027s creation on front-office due to unrestricted file upload allowing PHP code to be injected. \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThis issue affects AnyMailing Joomla Plugin\u0026nbsp;Enterprise in versions below 8.3.0. \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "AnyMailing Joomla Plugin is vulnerable to\u00a0unauthenticated remote code execution,\u00a0when being granted access to the campaign\u0027s creation on front-office due to unrestricted file upload allowing PHP code to be injected. \n\n\n\nThis issue affects AnyMailing Joomla Plugin\u00a0Enterprise in versions below 8.3.0. \n\n\n\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T11:25:36.854Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://www.acymailing.com/change-log/"
},
{
"url": "https://www.bugbounty.ch/advisories/CVE-2023-28731"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eupdate to a fixed version (\u0026gt;= 8.3.0)\u003c/p\u003e"
}
],
"value": "update to a fixed version (\u003e= 8.3.0)\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-01T11:00:00.000Z",
"value": "Reported"
},
{
"lang": "en",
"time": "2023-03-09T11:00:00.000Z",
"value": "Initial vendor notification "
},
{
"lang": "en",
"time": "2023-03-10T11:00:00.000Z",
"value": "Initial vendor response "
},
{
"lang": "en",
"time": "2023-03-20T11:00:00.000Z",
"value": "Releasion of fixed version"
},
{
"lang": "en",
"time": "2023-03-30T10:00:00.000Z",
"value": "Coordinated public disclosure "
}
],
"title": "Unauthenticated RCE affecting the AcyMailing plugin for Joomla",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrevent the execution of PHP files in the thumbnail directory to prevent the injected code from being executed\u003c/p\u003e"
}
],
"value": "Prevent the execution of PHP files in the thumbnail directory to prevent the injected code from being executed\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2023-28731",
"datePublished": "2023-03-30T11:25:36.854Z",
"dateReserved": "2023-03-22T09:53:07.889Z",
"dateUpdated": "2025-02-11T20:11:00.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24288 (GCVE-0-2021-24288)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI?
Title
AcyMailing < 7.5.0 - Unauthenticated Open Redirect
Summary
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
Severity ?
No CVSS data available.
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AcyMailing | Newsletter via SMTP, Sendinblue, Sendgrid, Mailgun - AcyMailing SMTP Newsletter |
Affected:
7.5.0 , < 7.5.0
(custom)
|
Credits
Viktor Markopoulos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Newsletter via SMTP, Sendinblue, Sendgrid, Mailgun - AcyMailing SMTP Newsletter",
"vendor": "AcyMailing",
"versions": [
{
"lessThan": "7.5.0",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Viktor Markopoulos"
}
],
"descriptions": [
{
"lang": "en",
"value": "When subscribing using AcyMailing, the \u0027redirect\u0027 parameter isn\u0027t properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:52",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AcyMailing \u003c 7.5.0 - Unauthenticated Open Redirect",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24288",
"STATE": "PUBLIC",
"TITLE": "AcyMailing \u003c 7.5.0 - Unauthenticated Open Redirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Newsletter via SMTP, Sendinblue, Sendgrid, Mailgun - AcyMailing SMTP Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.5.0",
"version_value": "7.5.0"
}
]
}
}
]
},
"vendor_name": "AcyMailing"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Viktor Markopoulos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When subscribing using AcyMailing, the \u0027redirect\u0027 parameter isn\u0027t properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24288",
"datePublished": "2021-05-17T16:48:52",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}