Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDwfCVE-2019-1010246
HistoryJul 18, 2019 - 7:15 p.m.

CVE-2019-1010246

2019-07-1819:15:11
CWE-862
dwf
web.nvd.nist.gov
62
cve-2019-1010246
mailcleaner
unauthenticated
mysql
database
password
disclosure
api call
newsletterscontroller
http
get request

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9.

Affected configurations

Nvd
Node
mailcleanermailcleanerRange<2019-01-21
VendorProductVersionCPE
mailcleanermailcleaner*cpe:2.3:a:mailcleaner:mailcleaner:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "MailCleaner",
    "vendor": "MailCleaner",
    "versions": [
      {
        "status": "affected",
        "version": "before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 [fixed: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9]"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
osv 1
prion 1
nvd
nvd
CVE-2019-1010246
2019-07-18 19:15:11
cvelist
cvelist
CVE-2019-1010246
2019-07-18 18:04:34
osv
osv
CVE-2019-1010246
2019-07-18 19:15:11
prion
prion
Information disclosure
2019-07-18 19:15:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON
Related for CVE-2019-1010246
nvd1cvelist1osv1prion1