PT-2004-2889 · Omail · @Mail Webmail
Thijs Dalhuijsen · Published 2004-05-04 · Updated 2017-07-11
CVE-2004-1993
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
omail webmail version 0.98.5
Description
The issue concerns an incomplete patch to the checklogin function in omail.pl, allowing remote attackers to execute arbitrary commands. This can be achieved by using shell metacharacters, such as backticks, in the password variable.
Recommendations
For omail webmail version 0.98.5, consider disabling the checklogin function until a complete patch is available. Restrict access to the omail.pl script to minimize the risk of exploitation. Avoid using backticks or other shell metacharacters in the password variable until the issue is resolved.
Fix
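The bug class described above is a password reaching a shell command string after filtering that still lets backticks through; the robust remedy is to keep the shell out of the login check altogether. The Perl below is an added illustration, not omail.pl source or the project's patch: `incomplete_filter`, `check_login` and the stand-in verifier are hypothetical, and the sample account and password are constructed.

```perl
#!/usr/bin/perl
# Added illustration; not omail.pl source. All sub names are hypothetical.
use strict;
use warnings;

# Hypothetical denylist filter: strips some shell metacharacters but not
# backticks, so its output is still unsafe inside a shell command string.
sub incomplete_filter {
    my ($s) = @_;
    $s =~ s/[;|&\$<>]//g;
    return $s;
}

# Hardened check: start the verifier from an argument list (no /bin/sh) and
# send the credentials on its stdin, so nothing in them is parsed as shell
# syntax. @verifier must hold the program plus at least one argument.
sub check_login {
    my ($user, $pass, @verifier) = @_;
    local $SIG{PIPE} = 'IGNORE';
    open(my $fh, '|-', @verifier) or return 0;
    print {$fh} "$user\0$pass\0";
    close($fh);                      # waits for the child and sets $?
    return $? == 0;
}

# Constructed stand-in for an external password checker: reads
# "user\0pass\0" on stdin and exits 0 only for the sample account.
my $verifier_src = q{
    local $/;
    my ($u, $p) = split /\0/, <STDIN>;
    exit(($u eq 'alice' && $p eq 'pa`ss`wd') ? 0 : 1);
};
my @verifier = ($^X, '-e', $verifier_src);

my $pw = 'pa`ss`wd';                 # constructed password with backticks
printf "after denylist filter: %s\n", incomplete_filter($pw);
printf "correct password accepted: %s\n",
    check_login('alice', $pw, @verifier) ? 'yes' : 'no';
printf "wrong password accepted: %s\n",
    check_login('alice', 'wrong', @verifier) ? 'yes' : 'no';
```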
Related Identifiers
Affected Products
@Mail Webmail