Omail · @Mail Webmail · CVE-2004-1993
**Name of the Vulnerable Software and Affected Versions**
omail webmail version 0.98.5
**Description**
The issue concerns an incomplete patch to the `checklogin` function in `omail.pl`, allowing remote attackers to execute arbitrary commands. This can be achieved by using shell metacharacters, such as backticks, in the `password` variable.
**Recommendations**
For omail webmail version 0.98.5, consider disabling the `checklogin` function until a complete patch is available. Restrict access to the `omail.pl` script to minimize the risk of exploitation. Avoid using backticks or other shell metacharacters in the `password` variable until the issue is resolved.