CVE-2022-22794

Description

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.

PUBLISHED Reserved 2022-01-07 | Published 2022-02-24 | Updated 2024-09-17 | Assigner INCD

Problem types

Unauthenticated Sql Injection to Remote Code Execution.

Product status

Credits

Dudu Moyal - Sophtix Security LTD

Gad Abuhatzeira - Sophtix Security LTD

References

www.gov.il/en/departments/faq/cve_advisories

www.gov.il/en/departments/faq/cve_advisories

cve.org (CVE-2022-22794)

nvd.nist.gov (CVE-2022-22794)

Download JSON