Search criteria
2 vulnerabilities by SOFTNEXT TECHNOLOGIES CORP.
CVE-2022-40742 (GCVE-0-2022-40742)
Vulnerability from cvelistv5 – Published: 2022-10-31 06:40 – Updated: 2025-05-05 15:30
VLAI?
Title
SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File Inclusion
Summary
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SOFTNEXT TECHNOLOGIES CORP. | Mail SQR Expert |
Affected:
2dut.190301
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:41.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6644-d7aac-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T15:29:55.320742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T15:30:22.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mail SQR Expert",
"vendor": "SOFTNEXT TECHNOLOGIES CORP.",
"versions": [
{
"status": "affected",
"version": "2dut.190301"
}
]
}
],
"datePublic": "2022-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6644-d7aac-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mail SQR Expert version to 2dut.220701 (The version except FreeBSD 9.x device)"
}
],
"source": {
"advisory": "TVN-202210009",
"discovery": "EXTERNAL"
},
"title": "SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File Inclusion",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-40742",
"datePublished": "2022-10-31T06:40:42.545Z",
"dateReserved": "2022-09-15T00:00:00.000Z",
"dateUpdated": "2025-05-05T15:30:22.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40741 (GCVE-0-2022-40741)
Vulnerability from cvelistv5 – Published: 2022-10-31 06:40 – Updated: 2025-05-06 19:27
VLAI?
Title
SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection
Summary
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SOFTNEXT TECHNOLOGIES CORP. | Mail SQR Expert |
Affected:
2dut.190301
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:41.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6643-89bfa-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T19:27:42.644387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:27:58.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mail SQR Expert",
"vendor": "SOFTNEXT TECHNOLOGIES CORP.",
"versions": [
{
"status": "affected",
"version": "2dut.190301"
}
]
}
],
"datePublic": "2022-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mail SQR Expert\u2019s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6643-89bfa-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mail SQR Expert version to 2dut.220701 (The version except FreeBSD 9.x device)"
}
],
"source": {
"advisory": "TVN-202210008",
"discovery": "EXTERNAL"
},
"title": "SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-40741",
"datePublished": "2022-10-31T06:40:41.572Z",
"dateReserved": "2022-09-15T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:27:58.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}