← back
CVE-2022-40741

SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection

CVSS 9.8 CRITICALEPSS 1.1%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H