cbcvebase.
CVE-2023-27507
published 2023-05-23

CVE-2023-27507: MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled…

PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.28%
66.4th percentile
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.

Affected

2 ranges
VendorProductVersion rangeFixed in
microenginemailform>= 1.1.0 < 1.1.91.1.9
microengine_incmicroengine_mailform
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.