← Back

CVE-2022-42136

nvd nist
Published: Jan 13, 2023Modified: Apr 7, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.

Affected (12)

Mailenable
1 product
Mailenable
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Mailenable
Mailenable
Before 8.66
Mailenable
From 10.00 to 10.42
Mailenable
From 9.0 to 9.85
Mailenable
Before 8.66
Mailenable
From 10.00 to 10.42
Mailenable
From 9.0 to 9.85
Mailenable
Before 8.66
Mailenable
From 10.00 to 10.42
Mailenable
From 9.0 to 9.85
Mailenable
Before 8.66
Mailenable
From 10.00 to 10.42
Mailenable
From 9.0 to 9.85

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.