Primary

Context

AMSS++ SQL Injection Vulnerability in Mail Module

Vulnerability

A SQL injection vulnerability has been identified in AMSS++ version 4.31, specifically within the mail module's maildetail.php script. The vulnerability arises from the 'id' parameter, which attackers can manipulate to inject malicious SQL queries. This exploitation could lead to unauthorized access or modification of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could result in unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, navigate to the maildetail.php script within the mail module. Append the 'id' parameter to the URL and inject a crafted SQL query. The application will process the injected SQL, potentially allowing access to or modification of the database.

Added: Feb 7, 2026, 12:34 AM

Updated: Feb 7, 2026, 12:34 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.0

remediation

0.0

relevance

2.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.0

remediation

0.0

relevance

2.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AMSS++ SQL Injection Vulnerability in Mail Module

Vulnerability

Impact

Reproduction

Affected Products

AMSS++

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating