Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MailReader.com远程命令执行漏洞
Vulnerability Description
Mailreader.com是一款由Perl编写基于WEB的POP3邮件阅读程序。 Mailreader中的compose.cgi脚本对$CONFIG{RealEmail}参数检查不正确,远程攻击者可以利用这个漏洞通过在输入中插进SHELL元字符,以WEB进程权限执行任意命令。 Mailreader允许用户指定他们自己的邮件服务器,可使得任意用户可以登录和使用Mailreader,用户也可以使用configSMTPServers输入覆盖SMTPServers配置。Mailreader 2.3.30和之前版
CVSS Information
N/A
Vulnerability Type
N/A