Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for MailSherlock by OAKlouds

    CVE-2018-17542 (GCVE-0-2018-17542)

    Vulnerability from nvd – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
    VLAI
    Title
    SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
    Summary
    SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    OAKlouds MailSherlock Affected: unspecified , < 1.5.235 (custom)
    Create a notification for this product.
    Date Public
    2018-11-23 00:00
    Credits
    Researcher from a Technology enterprise
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:54:09.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MailSherlock",
              "vendor": "OAKlouds",
              "versions": [
                {
                  "lessThan": "1.5.235",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Researcher from a Technology enterprise"
            }
          ],
          "datePublic": "2018-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-11T19:57:01.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update the software to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
              "ID": "CVE-2018-17542",
              "STATE": "PUBLIC",
              "TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MailSherlock",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "",
                                "version_value": "1.5.235"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OAKlouds"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Researcher from a Technology enterprise"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
                }
              ]
            },
            "exploit": [],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
                  "refsource": "CONFIRM",
                  "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
                },
                {
                  "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
                  "refsource": "CONFIRM",
                  "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update the software to the latest version."
              }
            ],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2018-17542",
        "datePublished": "2019-02-11T20:00:00.000Z",
        "dateReserved": "2018-09-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:54:20.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17542 (GCVE-0-2018-17542)

    Vulnerability from cvelistv5 – Published: 2019-02-11 20:00 – Updated: 2024-09-16 18:54
    VLAI
    Title
    SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds
    Summary
    SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    OAKlouds MailSherlock Affected: unspecified , < 1.5.235 (custom)
    Create a notification for this product.
    Date Public
    2018-11-23 00:00
    Credits
    Researcher from a Technology enterprise
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:54:09.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MailSherlock",
              "vendor": "OAKlouds",
              "versions": [
                {
                  "lessThan": "1.5.235",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Researcher from a Technology enterprise"
            }
          ],
          "datePublic": "2018-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-11T19:57:01.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update the software to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
              "ID": "CVE-2018-17542",
              "STATE": "PUBLIC",
              "TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MailSherlock",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "",
                                "version_value": "1.5.235"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OAKlouds"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Researcher from a Technology enterprise"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
                }
              ]
            },
            "exploit": [],
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
                  "refsource": "CONFIRM",
                  "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
                },
                {
                  "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28",
                  "refsource": "CONFIRM",
                  "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=28"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update the software to the latest version."
              }
            ],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2018-17542",
        "datePublished": "2019-02-11T20:00:00.000Z",
        "dateReserved": "2018-09-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:54:20.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }