2024-06-25 02:35
CHT Security Red Team Discovered Vulnerability in Well-Known Mail Audit Solution.
Summary:
CVE-2024-4298– Command injection
CVE-2024-4299– Command injection
Details:
Command injection
Description:
There is a parameter affected by Command Injection in specific function.
A remote attacker with authenticated user privilege can achieve remote code execution with this vulnerability.
Known Affected Software:
CVE-2024-4298
4.5: < 4.5-188
5.5: < 5.5-188
CVE-2024-4299
4.5: < 4.5-147
5.5: < 5.5-147
Credits:
Dong-Jie Chen (CHT Security)