Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2022-42136

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.

Published: Jan 13, 2023
Updated: Nov 16, 2025
CVE: CVE-2022-42136
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
mailenable / mailenable	-	8.66
mailenable / mailenable	9.0	9.85
mailenable / mailenable	10.00	10.42

https://pastebin.com/ahLNMf5n
https://www.mailenable.com/kb/content/article.asp?ID=ME020737

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo