CVE-2022-41871 MEDIUM

CVE-2022-41871

Vendor Seppmail

Product SEPPmail

Weakness CWE-78

Published April 28, 2025

Last update April 28, 2025

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.

Key dates

02Disclosure timeline

April 28, 2025 CVE published

April 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41871 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2026-2544 yued-fe LuLu UI run.js child_process.exec os command injection CVE-2026-5852 Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection CVE-2024-5338 Ruijie RG-UAC online.php os command injection CVE-2024-11681 Remote Code Execution in MacPorts CVE-2023-34278 D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability