Vulnerabilities > CVE-2019-1010246 - Missing Authorization vulnerability in Mailcleaner

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mailcleaner

CWE-862

NVD

Published: 2019-07-18

Updated: 2020-08-24

Summary

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersController.php. The attack vector is: HTTP Get request. The fixed version is: c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9.

Vulnerable Configurations

Part	Description	Count
Application	Mailcleaner Mailcleaner Mailcleaner 2011.9 Mailcleaner Mailcleaner 2012.5 Mailcleaner Mailcleaner 2012.6 Mailcleaner Mailcleaner 2014.10 Mailcleaner Mailcleaner 2017.09 Mailcleaner Mailcleaner 2018.02 Mailcleaner Mailcleaner 2018.06 Mailcleaner Mailcleaner 2018.08	8

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/MailCleaner/MailCleaner/commit/c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9