81 matches found
Cross site scripting
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords...
CVE-2023-38190
CVE-2023-38190 affects SuperWebMailer 9.00.0.01710. The issue is an Export SQL Injection via the size parameter in the affected application. Root cause: exploitable SQL injection in the parameterized export flow, allowing an attacker to inject SQL commands. Impact per sources: data exposure, modi...
SuperWebMailer SQL Injection Vulnerability
Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710, which originates from a SQL injection vulnerability in parameter size...
CVE-2023-38193
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line...
CVE-2023-38194
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter...
PT-2023-26329 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue in SuperWebMailer allows Remote Code Execution via a crafted sendmail command line. Recommendations: For SuperWebMailer version 9.00.0.01710, consider restricting access to the sendmai...
PT-2023-26330 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue was discovered that allows for XSS via a GET parameter in the keepalive.php file. Recommendations: For SuperWebMailer version 9.00.0.01710, consider restricting access to the...
SuperWebMailer Command Injection Vulnerability
Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710 that stems from the presence of a Remote Code Execution RCE vulnerability. An attacker can...
SuperWebMailer Cross-Site Scripting Vulnerability
Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710, which originates from a cross-site scripting XSS vulnerability in the file...
CVE-2023-38190
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter...
CVE-2023-38192
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords...
CVE-2023-38190
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter...
CVE-2023-38192
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords...
CVE-2023-38194
SuperWebMailer (v9.00.0.01710) is affected by a Cross-Site Scripting (XSS) in keepalive.php achievable via a GET parameter. Root cause: insufficient input validation and lack of proper output encoding in that script. Impact: could allow attackers to execute malicious scripts in a user’s browser, ...
CVE-2023-38193
CVE-2023-38193 affects SuperWebMailer 9.00.0.01710, where a crafted sendmail command line allows Remote Code Execution. The NVD entry assigns CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8), indicating high impact with network access, low privileges required, and no user inte...
CVE-2023-38193
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line...
PT-2023-26328 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue was discovered that allows for XSS via crafted incorrect passwords in the superadmincreate.php file. Recommendations: For SuperWebMailer version 9.00.0.01710, as a temporary workaround...
PT-2023-26326 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: The issue allows for Export SQL Injection via the size parameter. This enables potential attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification...
SuperWebMailer Cross-Site Scripting Vulnerability
Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710, which originates from a cross-site scripting XSS vulnerability in the file keepalive.php...
CVE-2023-38194
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter...