CVE-2022-31245
https://notcve.org/view.php?id=CVE-2022-31245
20 May 2022 — mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. • https://github.com/ly1g3/Mailcow-CVE-2022-31245 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-8928 – Mailcow 0.14 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-8928
14 May 2017 — mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. MailCow version 0.14 suffers from multiple cross-site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/42004 • CWE-352: Cross-Site Request Forgery (CSRF)