Cybonet - PineApp Mail Relay Local File Inclusion
CVE-2022-22793

6.1MEDIUM

Key Information:

Vendor: Cybonet
Status: Pineapp Mail Relay
Vendor: CVE Published:; 24 February 2022

What is CVE-2022-22793?

Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCDODED PATH and by doing that, the attacker can read Local Files inside the server.

Affected Version(s)

Pineapp Mail Relay PineApp Latest

References

https://www.gov.il/en/departments/faq/cve_advisories

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Jan 7, 2022

Credit

Dudu Moyal - Sophtix Security LTD