First published: Tue Jul 14 2020(Updated: )
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Superwebmailer Superwebmailer | <7.40.0.01550 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of SuperWebMailer is CVE-2020-11546.
The severity of CVE-2020-11546 is critical with a score of 9.8.
SuperWebMailer versions up to 7.40.0.01550 are affected by CVE-2020-11546.
An unauthenticated remote attacker can exploit CVE-2020-11546 by injecting arbitrary PHP code through the Language parameter of mailingupgrade.php.
There is no specific fix available for CVE-2020-11546 at the moment, but it is recommended to update to a version beyond 7.40.0.01550.