SQL Injection Vulnerability in MailSherlock Allows Unauthorized Access to Email Subjects
CVE-2018-17542 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request.
Learn more about our User Device Pen Test.