Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Softnext Mail SQR Expert - Command Injection
Vulnerability Description
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Softnext Technologies Mail SQR Expert 操作系统命令注入漏洞
Vulnerability Description
Softnext Technologies Mail SQR Expert是中国中华数位科技(Softnext Technologies)公司的一个全方位电子邮件内容安全管理系统。 Softnext Technologies Mail SQR Expert v230330之前版本存在操作系统命令注入漏洞,该漏洞源于特定功能中的特殊字符过滤不足,远程攻击者利用该漏洞可以命令注入攻击,执行任意系统命令或中断服务等。
CVSS Information
N/A
Vulnerability Type
N/A