Описание
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mailreader.com:mailreader.com:2.3.30:*:*:*:*:*:*:*
cpe:2.3:a:mailreader.com:mailreader.com:2.3.31:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.0178
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 21 года назад
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail a ...
github
почти 4 года назад
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
EPSS
Процентиль: 82%
0.0178
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other