CVE-2020-11546

Basic Information

CVE State
PUBLISHED
Reserved Date
April 04, 2020
Published Date
July 14, 2020
Last Updated
August 04, 2024
Vendor
SuperWebMailer
Product
SuperWebMailer
Description
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.
Tags
php nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score
90.57% (Percentile: 99.58%) as of 2025-06-20

Exploit Status

Exploited in the Wild
Yes (2025-06-08 00:00:00 UTC)

Known Exploited Vulnerability Information

Source
The Shadowserver (via CIRCL)
Added Date
2025-06-09 12:00:13 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Official-BlackHat13/CVE-2020-11546

Type: github • Created: 2021-12-27 14:18:31 UTC • Stars: 1

SuperWebMailer RCE

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel