Medium severity4.3NVD Advisory· Published Feb 11, 2019· Updated Jun 17, 2026
CVE-2018-17542
CVE-2018-17542
Description
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Affected products
2<1.5.235+ 1 more
- (no CPE)range: <1.5.235
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- twcert.org.tw/subpages/ServeThePublic/public_document_details.aspxnvdThird Party Advisory
- twcert.org.tw/subpages/ServeThePublic/public_document_details.aspxnvdThird Party Advisory
News mentions
0No linked articles in our index yet.