{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T18:30:20.796","vulnerabilities":[{"cve":{"id":"CVE-2023-48378","sourceIdentifier":"twcert@cert.org.tw","published":"2023-12-15T08:15:45.547","lastModified":"2026-06-17T06:34:08.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."},{"lang":"es","value":"Softnext Mail SQR Expert tiene una vulnerabilidad de path traversal dentro de su parámetro en una URL específica. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para eludir la autenticación y descargar archivos arbitrarios del sistema."}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"Softnext","product":"Mail SQR Expert ","defaultStatus":"unaffected","versions":[{"version":" ","lessThanOrEqual":"230330","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-08T14:16:13.885822Z","id":"CVE-2023-48378","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*","versionEndIncluding":"230330","matchCriteriaId":"FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}