CVE-2020-37141
Description
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AMSS++ 4.31 is vulnerable to SQL injection in its mail module's maildetail.php via the 'id' parameter, allowing attackers to access or modify the database.
Vulnerability
Details
CVE-2020-37141 is a SQL injection vulnerability in AMSS++ version 4.31, specifically in the maildetail.php script of the mail module. The id parameter is not properly sanitized before being used in SQL queries, allowing attackers to inject arbitrary SQL statements [1][2]. The vulnerability is classified under CWE-89 and has a CVSS v4 vector of AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N, indicating high confidentiality impact and low integrity impact [2].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to /modules/mail/main/maildetail.php with a malicious id parameter. The public exploit published by indoushka demonstrates a simple injection point [1]. No authentication is required (PR:N), and the attack can be performed over the network (AV:N) [2]. The vulnerability is trivial to exploit, as shown by the proof-of-concept.
Impact
Successful exploitation allows an attacker to read arbitrary data from the database, potentially extracting sensitive information such as user credentials or application configuration. Additionally, an attacker may be able to modify database contents, though the impact on integrity is rated low [2]. The overall severity is high (CVSS 8.2), and the vulnerability could lead to unauthorized access or data breaches.
Mitigation
As of this advisory, no official patch has been released for AMSS++ 4.31. The vendor's site may be defunct, and the software appears to be no longer maintained. Users are advised to upgrade to a later version if available, or to implement input validation and parameterized queries to mitigate the risk. Until remediation is applied, this vulnerability poses a significant threat to affected installations.
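While no patch is available, requests to the affected script can at least be watched for. The following is an added example, not code from AMSS++ or from the cited references: it scans web server access logs for requests to maildetail.php whose id value is not a plain integer. It assumes combined-format logs, that legitimate id values are short decimal numbers, and a hypothetical /amss/ install prefix; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
TARGET_PATH = "/modules/mail/main/maildetail.php"
PARAM = "id"
# Assumption: a legitimate mail id is a short run of decimal digits.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_ids(line):
    """Return the decoded id values on this log line that are not plain integers."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Normalise case and duplicate slashes so trivial path variations still match.
    path = re.sub(r"/{2,}", "/", url.path).lower()
    if not path.endswith(TARGET_PATH):
        return []
    # parse_qs percent-decodes values; keep_blank_values so "id=" is reported too.
    params = parse_qs(url.query, keep_blank_values=True)
    values = [v for k, vs in params.items() if k.lower() == PARAM for v in vs]
    return [v for v in values if not VALID_ID.fullmatch(v)]

def scan(lines):
    """Return (client_ip, bad_values) for every flagged request."""
    hits = []
    for line in lines:
        bad = suspicious_ids(line)
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /amss/modules/mail/main/maildetail.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /amss/modules/mail/main/maildetail.php?id=42%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /amss//modules/mail/main/MailDetail.php?ID=7+OR+1%3D1 HTTP/1.1" 200 9001',
    '203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "GET /amss/index.php?id=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

Access logs record only the query string, so an id value sent in a POST body is not visible to this check and needs inspection at a proxy or WAF instead.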
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.