An attacker can inject SQL queries in the application in order to exploit vulnerabilities in the database or gain unauthorized access.

It is recommended to upgrade to version 7.2.8, 7.3.5 or 7.4.0, as these releases fix these issues.
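The injection the advisory describes arises when user-controlled input is spliced into the text of a SQL statement. The following is an added, generic illustration (not code from the affected product, whose schema and query code are not on this page); it uses a constructed in-memory SQLite table to show a lookup built by string concatenation next to the parameterised form that the fix in the patched releases would be expected to resemble.

```python
import sqlite3


def make_db():
    """Build a small constructed in-memory table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the value is concatenated into the SQL text,
    so quote characters in the input become part of the query syntax."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    """Hardened pattern: a bound parameter is handed to the driver separately
    from the statement, so the input can only ever be compared as data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A constructed input containing a quote: in the vulnerable lookup it changes
    # the WHERE clause and returns every row; in the hardened one it matches nothing.
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))
    print("hardened:  ", lookup_hardened(db, probe))
```

Reviewing a code base for the concatenation pattern, and for any query text assembled with `%`, `+` or f-strings, is the quickest way to confirm whether a release is exposed to this class of issue; the parameterised form also makes the intended query shape visible to a reviewer.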

E-Mailing Subsystem is Denied via ErrorDocument_redirect

In RedHat 6.x, there is a configuration option that is used to restrict access to the e-mail subsystem. This configuration option can be changed, so an attacker can send an e-mail to the e-mail account of another user.

E-mail Account Management via FTP via sys_fetch_page_from_remote

It is possible to get access to the e-mail account of another user via FTP. An attacker can upload a file to the FTP server and then upload the file to the /var/www/html/ folder via SSH.

Register a New User

When you register a new user, the following error is returned:

Limitation and Mitigation

To mitigate this issue, configure the FTP server to deny access to remote users.

CVE-2022-44120

Timeline

Published on: 11/23/2022 21:15:00 UTC
Last modified on: 11/28/2022 19:38:00 UTC

References