Metric | Value |
---|---|
CVSS3 | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS | 0.004 Low |
Percentile | 73.5% |
MicroEngine Mailform provided by MicroEngine Inc. contains multiple vulnerabilities listed below.
Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-27397
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | Base Score: 3.7 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Path traversal (CWE-22) - CVE-2023-27507
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | Base Score: 3.7 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
Update the Software
Update to version 1.1.9 or later according to the information provided by the developer.
Apply workarounds
The developer also provides workaround information for this issue.
For more information, refer to the information provided by the developer.
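
As an added illustration (not MicroEngine's code and not the developer's workaround), the following Python routine shows how a server-side save function can close both weakness classes listed above, CWE-434 and CWE-22, and avoid writing an executable file. The extension allowlist, the function names and the save directory are assumptions of this example.

```python
import os
import secrets
from pathlib import Path

# Assumed policy for this example: the attachment types the form accepts.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".txt"}


class RejectedUpload(ValueError):
    """The client-supplied filename failed validation."""


def safe_destination(save_dir: Path, client_name: str) -> Path:
    """Map a client-supplied filename to a server-chosen path inside save_dir."""
    # CWE-22: keep only the last path component, for both separator styles.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or "\x00" in base:
        raise RejectedUpload(f"unusable filename: {client_name!r}")

    # CWE-434: allowlist the final extension (case-insensitive).
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise RejectedUpload(f"extension not allowed: {ext!r}")

    # Store under a generated name: inner extensions such as "x.php.png"
    # and any client-chosen directory never reach the filesystem.
    root = save_dir.resolve()
    dest = (root / f"{secrets.token_hex(16)}{ext}").resolve()
    if not dest.is_relative_to(root):  # defence in depth
        raise RejectedUpload("destination escapes the save directory")
    return dest


def store_upload(save_dir: Path, client_name: str, data: bytes) -> Path:
    """Write data to a new, non-executable file and return its path."""
    dest = safe_destination(save_dir, client_name)
    # O_EXCL refuses to overwrite; mode 0o600 sets no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest
```

Placing the save directory outside the web server's document root removes the remaining route by which a stored file could be requested and executed.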