← Back

Softnext

softnext

9 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Mail Sqr Expert
mail_sqr_expert
7 CVEs
Spam Sqr
spam_sqr
1 CVE
Sn Os
sn_os
1 CVE

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-5670
1Softnext
1Sn Os
Nov 21, 2024
Jul 29, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the re...Show more
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.Show less
CVE-2023-48382
1Softnext
1Mail Sqr Expert
Nov 21, 2024
Dec 15, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbi...Show more
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.Show less
CVE-2023-48381
1Softnext
1Mail Sqr Expert
Nov 21, 2024
Dec 15, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP fil...Show more
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.Show less
CVE-2023-48380
1Softnext
1Mail Sqr Expert
Nov 21, 2024
Dec 15, 2023
N/A· v4
8.0 HIGH· v3
N/A· v2
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to...Show more
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.Show less
CVE-2023-48379
1Softnext
1Mail Sqr Expert
Nov 21, 2024
Dec 15, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover...Show more
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.Show less
CVE-2023-48378
1Softnext
1Mail Sqr Expert
Nov 21, 2024
Dec 15, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system...Show more
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.Show less
CVE-2023-24835
1Softnext
1Spam Sqr
Nov 21, 2024
Mar 27, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary...Show more
Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.Show less
CVE-2022-40742
1Softnext
1Mail Sqr Expert
May 5, 2025
Oct 31, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to ac...Show more
Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.Show less
CVE-2022-40741
1Softnext
1Mail Sqr Expert
Nov 21, 2024
Oct 31, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.