Vulnerability Information
Vulnerability Title
Modoboa has an OS Command Injection
Vulnerability Description
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server. Version 2.7.1 patches the issue.
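The mitigation pattern for this class of bug, shown as an added example (not Modoboa's code and not the 2.7.1 patch): validate the domain against an allow-list and pass it as one element of an argument list with `shell=False`. The function names and the echo-style child process standing in for an external mail tool are hypothetical.

```python
import re
import subprocess
import sys

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Child process that writes back its last argument
# (hypothetical stand-in for an external mail tool).
_ECHO_TOOL = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[-1])"]


def is_valid_domain(name):
    """Allow-list check: True only for a plain dotted DNS name."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def run_argv(argv):
    """Run a command without a shell; every list item is one literal argument."""
    proc = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return proc.stdout


def literal_arg_roundtrip(value):
    """Show that, with an argv list, metacharacters reach the tool as plain text."""
    return run_argv(_ECHO_TOOL + ["--domain", value])


def run_for_domain(domain):
    """Validate first, then execute without a shell."""
    if not is_valid_domain(domain):
        raise ValueError("invalid domain name: %r" % (domain,))
    return run_argv(_ECHO_TOOL + ["--domain", domain])


if __name__ == "__main__":
    hostile = "example.com; echo INJECTED"  # constructed sample input
    print(is_valid_domain("example.com"), is_valid_domain(hostile))
    print(repr(literal_arg_roundtrip(hostile)))
```

The validation and the shell-free call are independent layers: the argument list alone keeps the `;` from being interpreted, and the allow-list keeps malformed names out of the tool entirely.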
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
Modoboa OS Command Injection Vulnerability
Vulnerability Description
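Modoboa is a mail hosting and management platform from the individual developer Modoboa. Versions of Modoboa prior to 2.7.1 have an OS command injection vulnerability. It stems from the `exec_cmd` function always running subprocess calls with `shell=True` without sanitizing domain name input, which may lead to the execution of arbitrary OS commands.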
CVSS Information
N/A
Vulnerability Type
N/A