CVE-2022-22794 MEDIUM

CVE-2022-22794: Cybonet - PineApp Mail Relay Unauthenticated SQL Injection

Vendor: Cybonet
Product: Pineapp Mail Relay
Published: February 24, 2022
Last update: September 17, 2024

CVSS base score

6.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01 Description

Cybonet PineApp Mail Relay is affected by an unauthenticated SQL injection. An attacker can send a request to any of the following:

/manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1
/admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1
/manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1
/admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1

By doing so, the attacker can achieve remote code execution with a one-liner.

Key dates

02 Disclosure timeline

February 24, 2022: CVE published
September 17, 2024: Record updated