5 matches found
EUVD-2023-52433
Malicious code in bioql PyPI...
CVE-2023-48382
The CVE-2023-48382 entry concerns Softnext Mail SQR Expert with a Local File Inclusion (LFI) vulnerability in a mail delivery URL. An unauthenticated attacker can exploit this to execute arbitrary PHP files with a .asp extension in certain system paths and access/modify partial system information...
CVE-2023-48381
CVE-2023-48381 relates to Softnext Mail SQR Expert, an email management platform, with a Local File Inclusion (LFI) flaw exposed via a special URL. The vulnerability lets an unauthenticated attacker cause the execution of arbitrary PHP files with a “.asp” extension under specific system paths, en...
CVE-2023-48379
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response...
Server side request forgery (ssrf)
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response...