CVE-2020-25849

MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-4118-6292c-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openfind:mailaudit:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openfind:mailaudit:5.0:*:*:*:*:*:*:*
cpe:2.3:a:openfind:mailgates:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openfind:mailgates:5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-01 17:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-25849

Mitre link : CVE-2020-25849

CVE.ORG link : CVE-2020-25849


JSON object : View

Products Affected

openfind

  • mailaudit
  • mailgates
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')