
Phillip Whelan

#23610 of 53,635
10 Total CVSS
Vulnerabilities · 1
PT-2003-2152
10
2003-08-19
Omail · @Mail Webmail · CVE-2003-1202
**Name of the Vulnerable Software and Affected Versions**

omail webmail versions 0.98.4 and earlier

**Description**

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `password`, `domainname`, or `username` variables. This is due to a problem in the `checklogin` function in omail.pl.

**Recommendations**

For omail webmail versions 0.98.4 and earlier, as a temporary workaround, consider disabling the `checklogin` function until a patch is available. Restrict access to the omail.pl script to minimize the risk of exploitation. Avoid using shell metacharacters in the `password`, `domainname`, or `username` variables in the affected script until the issue is resolved.