Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Cybonet |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-27937 | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner. |
Fixes
Solution
A patch was released with a hardening of the input validation
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories |
|
History
Tue, 17 Sep 2024 04:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection |
MITRE
Status: PUBLISHED
Assigner: INCD
Published:
Updated: 2024-09-17T03:44:00.986Z
Reserved: 2022-01-07T00:00:00
Link: CVE-2022-22794
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-24T17:15:08.047
Modified: 2024-11-21T06:47:28.020
Link: CVE-2022-22794
Redhat
No data.
OpenCVE Enrichment
No data.