CVE-2014-1203

Name of the Vulnerable Software and Affected Versions: Eyou Mail System versions prior to 3.6

Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to the "/admin/domain/ip login set/d ip login get.php" API endpoint. This is due to a flaw in the get login ip config file function.

Recommendations: For versions prior to 3.6, consider disabling the get login ip config file function until a patch is available. Restrict access to the "/admin/domain/ip login set/d ip login get.php" API endpoint to minimize the risk of exploitation. Avoid using the domain parameter in the affected API endpoint until the issue is resolved.