Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for MailSherlock by OAKlouds
CVE-2018-17542 (GCVE-0-2018-17542)
Vulnerability from nvd – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
VLAI?
Title
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
Summary
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Severity ?
4.3 (Medium)
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OAKlouds | MailSherlock |
Affected:
unspecified , < 1.5.235
(custom)
|
Date Public ?
2018-11-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5.235",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Researcher from a Technology enterprise"
}
],
"datePublic": "2018-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T19:57:01.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
"ID": "CVE-2018-17542",
"STATE": "PUBLIC",
"TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.5.235"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Researcher from a Technology enterprise"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2018-17542",
"datePublished": "2019-02-11T20:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:54:20.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17542 (GCVE-0-2018-17542)
Vulnerability from cvelistv5 – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
VLAI?
Title
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
Summary
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Severity ?
4.3 (Medium)
CWE
- SQL Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OAKlouds | MailSherlock |
Affected:
unspecified , < 1.5.235
(custom)
|
Date Public ?
2018-11-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MailSherlock",
"vendor": "OAKlouds",
"versions": [
{
"lessThan": "1.5.235",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Researcher from a Technology enterprise"
}
],
"datePublic": "2018-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T19:57:01.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
"ID": "CVE-2018-17542",
"STATE": "PUBLIC",
"TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MailSherlock",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.5.235"
}
]
}
}
]
},
"vendor_name": "OAKlouds"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Researcher from a Technology enterprise"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to the latest version."
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2018-17542",
"datePublished": "2019-02-11T20:00:00.000Z",
"dateReserved": "2018-09-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:54:20.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}