CVE-2023-39933

2024-03-1800:32:49

jpcert

www.cve.org

vulnerability

verification

a.k.i software

pmailserver

pmailserver2

arbitrary executable

file upload

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Software’s PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server’s execution privilege.

CNA Affected

[
  {
    "vendor": "A.K.I Software ",
    "product": "pmc.exe",
    "versions": [
      {
        "version": "2.5.1.720 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

akisoftware.com/Vulnerability202301.html

jvn.jp/en/jp/JVN92720882/