CVE-2018-17542

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt