Medium severity6.8NVD Advisory· Published Feb 24, 2022· Updated Jun 17, 2026
CVE-2022-22794
CVE-2022-22794
Description
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: PineApp Latest
Patches
Vulnerability mechanics
References
1- www.gov.il/en/departments/faq/cve_advisoriesnvdThird Party Advisory
News mentions
0No linked articles in our index yet.