Impact
An exploitation of the sendmail transport integration in YouTransfer v1.0.6 permits an attacker to inject and execute arbitrary code by submitting a specially crafted request. The vulnerability is a code injection flaw as defined by CWE‑94 and can compromise confidentiality, integrity, and availability by allowing a malicious actor to run unintended commands on the affected system. If an attacker succeeds, they can take full control of the server hosting the application.
Affected Systems
YouTransfer version 1.0.6 is impacted. No other versions or related products are listed as affected.
Risk and Exploitability
The CVSS score of 9.8 classifies the issue as critical, and the EPSS score of less than 1% indicates a low likelihood of immediate exploitation, though the lack of a KEV listing does not diminish the inherent severity. Likely, the attack vector is a remote network request to the sendmail integration endpoint; this inference is based on the description that attacks are carried out by supplying a crafted request. System administrators should treat it as a potential remote code execution scenario pending an official fix.
OpenCVE Enrichment