CHT Security Red Team Discovered Vulnerability in Well-Known Mail Audit Solution.

Summary:

CVE-2024-4298 – Command injection

CVE-2024-4299 – Command injection


Details: 

Command injection


Description:

A parameter in a specific function is affected by command injection.

A remote attacker with authenticated user privileges can exploit this vulnerability to achieve remote code execution.


Known Affected Software:

CVE-2024-4298

4.5: < 4.5-188

5.5: < 5.5-188


CVE-2024-4299

4.5: < 4.5-147

5.5: < 5.5-147


Credits:

Dong-Jie Chen (CHT Security)