彙總 softnext 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 路徑處理缺陷與SSRF 相關,可能在 軟體部署與生產負載 場景中帶來 檔案覆寫 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-5670 | The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server. | [email protected] | 9.8 | 1.09% | 2024-07-29 | 2024-11-21 |
| CVE-2023-48382 | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | [email protected] | 6.5 | 0.34% | 2023-12-15 | 2024-11-21 |
| CVE-2023-48381 | Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | [email protected] | 6.5 | 0.34% | 2023-12-15 | 2024-11-21 |
| CVE-2023-48380 | Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | [email protected] | 7.4 | 0.31% | 2023-12-15 | 2024-11-21 |
| CVE-2023-48379 | Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. | [email protected] | 5.3 | 0.27% | 2023-12-15 | 2024-11-21 |
| CVE-2023-48378 | Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | [email protected] | 7.5 | 0.16% | 2023-12-15 | 2024-11-21 |
| CVE-2023-24835 | Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service. | [email protected] | 7.2 | 0.69% | 2023-03-27 | 2024-11-21 |
| CVE-2022-40742 | Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | [email protected] | 6.5 | 0.61% | 2022-10-31 | 2025-05-05 |
| CVE-2022-40741 | Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. | [email protected] | 9.8 | 2.15% | 2022-10-31 | 2024-11-21 |