PT-2004-2889 · Omail · @Mail Webmail
Thijs Dalhuijsen · Published 2004-05-04 · Updated 2017-07-11
CVE-2004-1993
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
omail webmail version 0.98.5
Description
The issue concerns an incomplete patch to the checklogin function in omail.pl, allowing remote attackers to execute arbitrary commands. This can be achieved by using shell metacharacters, such as backticks, in the password variable.
Recommendations
For omail webmail version 0.98.5, consider disabling the checklogin function until a complete patch is available. Restrict access to the omail.pl script to minimize the risk of exploitation. Avoid using backticks or other shell metacharacters in the password variable until the issue is resolved.
Fix
Related identifiers
Affected products
@Mail Webmail