PT-2001-2243 · W3Mail · W3Mail
Publicado
2001-10-07
·
Atualizado
2017-10-10
·
CVE-2001-1100
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
W3Mail version 1.0.2
Description
The issue allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page. This is due to a problem in the sendmessage.cgi program.
Recommendations
For W3Mail version 1.0.2, consider restricting access to the sendmessage.cgi program until a patch is available. As a temporary workaround, avoid using shell metacharacters in any field of the 'Compose Message' page to minimize the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
W3Mail