CVE-2023-4595

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Published: Nov 23, 2023
Updated: Nov 30, 2023
CVE: CVE-2023-4595
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-538

Affected Software
References

Software	From	Fixed in
seattlelab / slmail	5.5.0.4433	5.5.0.4433.x

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail

Vulnerability Database

290,020

CVE-2023-4595