Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER1 and by doing that, the attacker can run Remote Code Execution in one liner.
Publication date: Thu, 24 Feb 2022 23:15:00 +0000