← volver
CVE-2022-40741

SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection

CVSS 9.8 CRITICALEPSS 1.1%CWE-78
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
31 oct 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H