SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
CPE | Name | Operator | Version |
---|---|---|---|
oaklouds_mailsherlock | lt | 1.5.235 |