VYPR

Mailsherlock Msr35

by Oaklouds

CVEs (3)

  • CVE-2019-9883 High Jun 3, 2019
    risk 0.57, cvss 8.8, epss 0.01

    Multiple modules of MailSherlock MSR35 and MSR45 are vulnerable to CSRF. This allows an attacker to elevate the privileges of a specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorization.

  • CVE-2019-9882 High Jun 3, 2019
    risk 0.57, cvss 8.8, epss 0.01

    Multiple modules of MailSherlock MSR35 and MSR45 are vulnerable to CSRF. This allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2…

  • CVE-2018-17542 Medium Feb 11, 2019
    risk 0.28, cvss 4.3, epss 0.01

    SQL injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request.