Описание
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*
cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01482
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
почти 21 год назад
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail a ...
github
больше 3 лет назад
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
EPSS
Процентиль: 80%
0.01482
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other