Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories |
History
Tue, 17 Sep 2024 04:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection |
MITRE
Status: PUBLISHED
Assigner: INCD
Published: 2022-02-24T16:14:15.767373Z
Updated: 2024-09-17T03:44:00.986Z
Reserved: 2022-01-07T00:00:00
Link: CVE-2022-22794
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-02-24T17:15:08.047
Modified: 2022-10-07T03:07:43.563
Link: CVE-2022-22794
Redhat
No data.