CVE-2022-41675

HIGH

Raiden MAILD - Code Injection

Title source: llm

Description

A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.

References (1)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-6738-b78f4-1.html

Scores

CVSS v3 8.0

EPSS 0.0115

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1236

Status published

Products (1)

raidenmaild/raidenmaild < 4.7.4

Published Nov 29, 2022

Tracked Since Feb 18, 2026