Extra Innovation Inc Acmailer Cgi vulnerabilities
2 known vulnerabilities affecting extra_innovation_inc/acmailer_cgi.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-46686P2CRITICALCVSS 9.8vver.4.0.3 and earlier2025-02-18
CVE-2021-46686 [CRITICAL] CWE-78 CVE-2021-46686: Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker.
nvd
CVE-2023-49780P4MEDIUMCVSS 6.1vver.4.0.5 and earlier2025-02-12
CVE-2023-49780 [MEDIUM] CWE-79 CVE-2023-49780: Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script
Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product.
nvd