superwebmailer 漏洞與 CVE 列表（8）

產品（CPE）: — CVE 數: 8

superwebmailer 漏洞概覽

彙總 superwebmailer 相關全部產品的 CVE 與安全漏洞情報，包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括跨站腳本與SQL 注入，在軟體部署與生產負載使用場景中可能帶來工作階段劫持與資料外洩等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告，可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢（近 24 個月）

CVE	摘要	來源	最高 CVSS	EPSS %	公開時間	更新時間
CVE-2024-24131	SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.	[email protected]	6.1	13.16%	2024-02-07	2025-06-05
CVE-2023-38194	An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.	[email protected]	6.1	4.35%	2023-10-21	2024-11-21
CVE-2023-38193	An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.	[email protected]	8.8	0.88%	2023-10-21	2024-11-21
CVE-2023-38192	An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.	[email protected]	6.1	5.37%	2023-10-21	2024-11-21
CVE-2023-38190	An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.	[email protected]	8.8	0.07%	2023-10-21	2024-11-21
CVE-2023-38191	An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.	[email protected]	6.1	0.30%	2023-10-20	2024-11-21
CVE-2020-11546	SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.	[email protected]	9.8	93.24%	2020-07-14	2024-11-21
CVE-2015-2349	Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter.	[email protected]	4.3	0.26%	2015-03-19	2026-05-06

cvelogic Threat Intelligence