Insufficient Filtering of Special Characters in Mail SQR Expert Allows Remote Command Execution

CVE-2022-40741 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A specific function in Mail SQR Expert does not sufficiently filter special characters. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands and disrupt service.
