CVE-2022-41675

A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.
Configurations

Configuration 1 (hide)

cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:23

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-6738-b78f4-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-6738-b78f4-1.html - Third Party Advisory

01 Dec 2022, 16:47

Type Values Removed Values Added
CWE CWE-1236
CPE cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:*
References (MISC) https://www.twcert.org.tw/tw/cp-132-6738-b78f4-1.html - (MISC) https://www.twcert.org.tw/tw/cp-132-6738-b78f4-1.html - Third Party Advisory

29 Nov 2022, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-29 04:15

Updated : 2024-11-21 07:23


NVD link : CVE-2022-41675

Mitre link : CVE-2022-41675

CVE.ORG link : CVE-2022-41675


JSON object : View

Products Affected

raidenmaild

  • raidenmaild
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File