CVE-2023-48378— Softnext Mail SQR Expert - Path Traversal

CVSS 7.5 · High EPSS 0.16% · P37 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-48378

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Softnext Mail SQR Expert - Path Traversal

Source: NVD (National Vulnerability Database)

Vulnerability Description

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Softnext Technologies Mail SQR Expert 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Softnext Technologies Mail SQR Expert是中国中华数位科技（Softnext Technologies）公司的一个全方位电子邮件内容安全管理系统。 Softnext Technologies Mail SQR Expert v230330之前版本存在路径遍历漏洞，该漏洞源于特定 URL 的参数存在路径遍历，远程攻击者利用该漏洞可以绕过身份验证并下载任意系统文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Softnext	Mail SQR Expert	~ 230330	-

II. Public POCs for CVE-2023-48378

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-48378

请登录查看更多情报信息。

Same Patch Batch · Softnext · 2023-12-15 · 5 CVEs total

CVE-2023-48380	7.4 HIGH	Softnext Mail SQR Expert - Command Injection
CVE-2023-48381	6.5 MEDIUM	Softnext Mail SQR Expert - Local File Inclusion-1
CVE-2023-48382	6.5 MEDIUM	Softnext Mail SQR Expert - Local File Inclusion-2
CVE-2023-48379	5.3 MEDIUM	Softnext Mail SQR Expert - Blind Server-Side Request Forgey (SSRF)

IV. Related Vulnerabilities

Same product: Mail SQR Expert

Same vendor: Softnext

Same weakness: CWE-22

V. Comments for CVE-2023-48378

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-48378— Softnext Mail SQR Expert - Path Traversal

I. Basic Information for CVE-2023-48378

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-48378

III. Intelligence Information for CVE-2023-48378

Same Patch Batch · Softnext · 2023-12-15 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-48378

Leave a comment