Summary
The remote PineApp Mail-SeCure is prone to a remote command-injection vulnerability.
Impact
Successful exploits will result in the execution of arbitrary commands with root privileges in the context of the affected appliance.
Authentication is not required to exploit this vulnerability.
Impact Level: System/Application
Solution
Ask the vendor for an update.
Insight
Input passed via the 'iptest' value is not properly sanitized in 'test_li_connection.php'.
Affected
PineApp Mail-SeCure Series.
Detection
Send a crafted HTTP GET request and check the response.
Severity
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C