Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.

Published

2023-01-13T21:15:15.523

Last Modified

2025-04-07T19:15:43.457

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-22
Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mailenable	mailenable	< 8.66	Yes
Application	mailenable	mailenable	< 8.66	Yes
Application	mailenable	mailenable	< 8.66	Yes
Application	mailenable	mailenable	< 8.66	Yes
Application	mailenable	mailenable	< 9.85	Yes
Application	mailenable	mailenable	< 9.85	Yes
Application	mailenable	mailenable	< 9.85	Yes
Application	mailenable	mailenable	< 9.85	Yes
Application	mailenable	mailenable	< 10.42	Yes
Application	mailenable	mailenable	< 10.42	Yes
Application	mailenable	mailenable	< 10.42	Yes
Application	mailenable	mailenable	< 10.42	Yes

References

https://pastebin.com/ahLNMf5n Third Party Advisory ([email protected])
https://www.mailenable.com/kb/content/article.asp?ID=ME020737 Vendor Advisory ([email protected])
https://pastebin.com/ahLNMf5n Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mailenable.com/kb/content/article.asp?ID=ME020737 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)