Mailspect Control Panel Multiple Vulnerabilities Network Vulnerability

Summary

Mailspect Control Panel is prone to multiple vulnerabilities.

Impact

An attacker can exploit these issues to obtain sensitive information or to execute arbitrary script code or to execute arbitary code in the context of the application.

Solution

Ask the vendor for an update

Insight

Mailspect Control Panel is prone to 1. a remote code execution (Authenticated) 2. two arbitrary file read (Authenticated) 3. a cross site scripting vulnerability (Unauthenticated)

Affected

Mailspect Control Panel version 4.0.5

Detection

Send a crafted HTTP GET request and check the response

References

http://seclists.org/fulldisclosure/2014/Jun/137

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
AstroSPACES profile.php SQL Injection Vulnerability
Admbook PHP Code Injection Flaw
Baby Gekko CMS Multiple Vulnerabilities
ARRIS 2307 Unprotected Web Console

Take action and discover your vulnerabilities