Summary
The remote PineApp Mail-SeCure is prone to a remote command-injection vulnerability.
Impact
Successful exploits will result in the execution of arbitrary commands with root privileges in the context of the affected appliance.
Authentication is not required to exploit this vulnerability.
Impact Level: System/Application
Solution
Ask the Vendor for an update.
Insight
Input to the 'iptest' value is not properly sanitized in 'test_li_connection.php'
Affected
PineApp Mail-SeCure Series.
Detection
Send a crafted HTTP GET request and check the response.
References
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apache Struts ClassLoader Manipulation Vulnerabilities
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- Apache Tomcat /servlet Cross Site Scripting