Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through th…

Maitra version 1.7.2 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries through the mailid parameter in outmail and inmail modules. The vulnerability also enables attackers to directly download the SQLite database file from the application directory. This results in extraction of sensitive mail tracking data and credentials. The vulnerability affects the mail tracking application and requires authentication to exploit. Multiple proof-of-concept exploits are available publicly.