CVE-2023-4595
Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
BVRP Software · SLmailQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →