Browse all 10 CVE security advisories affecting Smartertools. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SmarterTools develops server software for email, web, and system administration, with its flagship product SmarterMail being the most targeted. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure default configurations. While no major public incidents have been widely documented, the 10 recorded CVEs highlight recurring issues in web interfaces and authentication mechanisms. Security researchers have noted that some vulnerabilities allowed attackers to compromise entire server instances through chained exploits, emphasizing the need for timely patching and hardening of default installations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-24387 | File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010 — SmarterTrackCWE-434 | 9.1 | Critical | 2022-03-14 |
| CVE-2022-24384 | Reflective XSS on SmarterTrack v100.0.8019.14010 — SmarterTrackCWE-79 | 8.8 | High | 2022-03-14 |
| CVE-2022-24385 | Information disclosure via direct object access on SmarterTrack v100.0.8019.14010 — SmarterTrackCWE-425 | 6.5 | Medium | 2022-03-14 |
| CVE-2022-24386 | Stored XSS in SmarterTrack v100.0.8019.14010 — SmarterTrackCWE-79 | 8.8 | High | 2022-03-14 |
This page lists every published CVE security advisory associated with Smartertools. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.