Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20323 | 1 Mailcleaner | 1 Mailcleaner | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. | |||||
| CVE-2019-1010246 | 1 Mailcleaner | 1 Mailcleaner | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9. | |||||
| CVE-2018-18635 | 1 Mailcleaner | 1 Mailcleaner | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | |||||