PineApp Mail-SeCure 'ldapsyncnow.php' Remote Command Injection Vulnerability Network Vulnerability

Summary

PineApp Mail-SeCure is prone to a remote command-injection vulnerability.

Impact

Successful exploits will result in the execution of arbitrary commands with root privileges in the context of the affected appliance. Impact Level: Application

Solution

Ask the Vendor for an update.

Insight

The specific flaw exists with input sanitization in the ldapsyncnow.php component. This flaw allows for the injection of arbitrary commands to the Mail-SeCure server. An attacker could leverage this vulnerability to execute arbitrary code as root.

Detection

Send a crafted HTTP GET request and check the response.

References

http://www.securityfocus.com/bid/61474

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Admbook PHP Code Injection Flaw
Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
Admin News Tools Multiple Vulnerabilities
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability

Take action and discover your vulnerabilities