CVE-2019-10149
Public Exploits 4
Metasploit · 1 exim4_deliver_message_priv_esc.rb [exploit]
In-the-Wild Activity Observed cisa_kev · confirmed
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-10149
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Exim 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Exim是一个运行于Unix系统中的开源消息传送代理(MTA),它主要负责邮件的路由、转发和投递。 Exim 4.87版本至4.91版本中存在操作系统命令注入漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2019-10149
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | quick fix for CVE-2019-10149, works on Debian\Ubuntu\Centos | https://github.com/bananaphones/exim-rce-quickfix | POC Details |
| 2 | simple python socket connection to test if exim is vulnerable to CVE-2019-10149. The payload simply touch a file in /tmp/eximrce. | https://github.com/cowbe0x004/eximrce-CVE-2019-10149 | POC Details |
| 3 | PoC for CVE-2019-10149, this vulnerability could be xploited betwen 4-87 to 4.91 version of Exim server. | https://github.com/MNEMO-CERT/PoC--CVE-2019-10149_Exim | POC Details |
| 4 | Simple Bash shell quick fix CVE-2019-10149 | https://github.com/aishee/CVE-2019-10149-quick | POC Details |
| 5 | CVE-2019-10149 privilege escalation | https://github.com/AzizMea/CVE-2019-10149-privilege-escalation | POC Details |
| 6 | Exim Honey Pot for CVE-2019-10149 exploit attempts. | https://github.com/Brets0150/StickyExim | POC Details |
| 7 | CVE-2019-10149 | https://github.com/Chris-dev1/exim.exp | POC Details |
| 8 | Instructions for installing a vulnerable version of Exim and its expluatation | https://github.com/darsigovrustam/CVE-2019-10149 | POC Details |
| 9 | CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | https://github.com/Diefunction/CVE-2019-10149 | POC Details |
| 10 | SNP Assignment on a Linux vulnerability | https://github.com/Dilshan-Eranda/CVE-2019-10149 | POC Details |
| 11 | Data Collection Related to Exim CVE-2019-10149 | https://github.com/cloudflare/exim-cve-2019-10149-data | POC Details |
| 12 | Exploit for CVE-2019-10149 | https://github.com/Stick-U235/CVE-2019-10149-Exploit | POC Details |
| 13 | None | https://github.com/rahmadsandy/EXIM-4.87-CVE-2019-10149 | POC Details |
| 14 | CVE-2019-10149 | https://github.com/hyim0810/CVE-2019-10149 | POC Details |
| 15 | test POC for CVE-2019-10149 | https://github.com/qlusec/CVE-2019-10149 | POC Details |
| 16 | Remote Command Execution into shell from a vulnerable exim service. | https://github.com/uyerr/PoC_CVE-2019-10149--rce | POC Details |
| 17 | PoC for exploitation of vulnerability CVE-2019-10149 | https://github.com/VoyagerOnne/Exim-CVE-2019-10149 | POC Details |
| 18 | Cr. Exim 4.87 - 4.91 - Local Privilege Escalation | https://github.com/Cheryanika/CVE-2019-10149---Exim4---RCE | POC Details |
| 19 | None | https://github.com/CybersRMUTL/CVE-2019-10149-Exim4-RCE | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-10149
请登录查看更多情报信息。
Vendor Advisories for CVE-2019-10149 (4)
- https://www.debian.org/security/2019/dsa-4456vendor-advisory
- https://usn.ubuntu.com/4010-1/vendor-advisory
Exploits & Public PoCs for CVE-2019-10149 (3)
Mailing List Discussions for CVE-2019-10149 (8)
- http://seclists.org/fulldisclosure/2019/Jun/16mailing-list
Other References for CVE-2019-10149 (1)
IV. Related Vulnerabilities
Same weakness: CWE-78
- CVE-2026-47294
Microsoft SharePoint Server Remote Code Execution Vulnerabil - CVE-2026-10279
hiraishikentaro wezterm-mcp switch_pane/write_to_specific_pa - CVE-2026-10273
php-censor Webhook Endpoint GitBuild.php os command injectio - CVE-2026-10219
nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge - CVE-2026-10214
zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_war
V. Comments for CVE-2019-10149
No comments yet