PT-2001-2090 · Unknown · Pgpmail.Pl
Published
2001-11-30
·
Updated
2016-10-18
·
CVE-2001-0937
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PGPMail.pl version 1.31
Description
The issue allows remote attackers to execute arbitrary commands. This can be achieved by injecting shell metacharacters into the
recipient or pgpuserid parameters.Recommendations
For PGPMail.pl version 1.31, consider restricting or sanitizing input for the
recipient and pgpuserid parameters to prevent command injection attacks. As a temporary workaround, restrict access to the script until a patch is available.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pgpmail.Pl