Vulnerability CVE-2002-1582
Published: 2004-12-06   Modified: 2012-02-12

Description:
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Mailreader.com -> Mailreader.com 

 References:
http://www.securityfocus.com/bid/6058
http://www.securityfocus.com/archive/1/297428
http://www.iss.net/security_center/static/10491.php
http://www.mailreader.com/download/ChangeLog
Copyright 2024, cxsecurity.com

 

Back to Top