Softnext Mail SQR Expert - Command Injection
CVE-2023-48380

7.4HIGH

Key Information:

Vendor: Softnext
Status: Mail SQR Expert
Vendor: CVE Published:; 15 December 2023

What is CVE-2023-48380?

A vulnerability exists in the Softnext Mail SQR Expert email management platform, where insufficient filtering of special characters in a specific function can be exploited. An authenticated remote attacker can leverage this flaw to execute arbitrary system commands, potentially leading to system manipulation or service disruption.

Affected Version(s)

Mail SQR Expert <= 230330

References

https://www.twcert.org.tw/tw/cp-132-7598-37b03-1.html

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Nov 16, 2023