Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-7702. PoCs published by SEC Consult.
AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in SecurEnvoy SecurMail, including XSS, path traversal, insecure direct object reference, missing authentication, and CSRF. Proof-of-concept examples are provided for each vulnerability.
Description
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
Exploits (1)
This is a detailed security advisory from SEC Consult describing multiple critical vulnerabilities in SecurEnvoy SecurMail, including XSS, path traversal, insecure direct object reference, missing authentication, and CSRF. Proof-of-concept examples are provided for each vulnerability.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N