SQL Injection Vulnerability in MailSherlock Allows Unauthorized Access to Email Subjects

SQL Injection Vulnerability in MailSherlock Allows Unauthorized Access to Email Subjects

CVE-2018-17542 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.

Learn more about our User Device Pen Test.