CVE-2021-20617 PoC — Seeds Acmailer Db 和 Seeds Acmailer 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20617.yaml

Associated Vulnerability

Title:Seeds Acmailer Db 和 Seeds Acmailer 安全漏洞 (CVE-2021-20617)
Description:Seeds Acmailer和Seeds Acmailer Db都是日本Seeds公司的产品。Seeds Acmailer是一款用于支持邮件服务的CGI软件。Seeds Acmailer Db是一款用于支持邮件服务的CGI软件。该软件相较于标准版本会增加Mysql数据库连接功能，会提供更高的并发数量以及定制功能。 Seeds Acmailer 4.0.1版本及之前版本和Seeds Acmailer DB 1.1.3版本及之前版本存在安全漏洞，该漏洞允许远程攻击者执行任意操作系统命令，或获得管理权限。

Description

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.

File Snapshot


 id: CVE-2021-20617

info:
  name: Acmailer - Improper Access Control to OS Command Injection
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!