Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Confirm E-Mail头远程命令执行漏洞
Vulnerability Description
Confirm是一个简单procmail脚本使用模型匹配帮助鉴别邮件的程序。 Confirm在处理邮件头时缺少输入验证处理,远程攻击者可以利用这个漏洞以用户进程权限执行任意命令。 问题主要是Confirm对邮件头中包含SHELL元字符的数据缺少充分过滤,远程攻击者可以构建恶意邮件,发送给目标处理,可以用户进程权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A