CVE-2020-11546

CRITICAL EXPLOITED NUCLEI

Superwebmailer < 7.40.0.01550 - Code Injection

Title source: rule

Description

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.

Exploits (2)

nomisec WORKING POC 1 star
by damit5 · remote-auth
https://github.com/damit5/CVE-2020-11546
nomisec WORKING POC 1 star
by Official-BlackHat13 · remote-auth
https://github.com/Official-BlackHat13/CVE-2020-11546

Nuclei Templates (1)

SuperWebmailer 7.21.0.01526 - Remote Code Execution
CRITICAL by Official_BlackHat13
Shodan: title:"SuperWebMailer" || http.title:"superwebmailer"
FOFA: title="superwebmailer"

Scores

CVSS v3 9.8
EPSS 0.9304
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-22
CWE CWE-94
Status published
Products (1)
superwebmailer/superwebmailer < 7.40.0.01550
Published Jul 14, 2020
Tracked Since Feb 18, 2026