Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability

A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms.

An insecurely-structured call to the open() function leads to a failure to properly filter shell metacharacters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands with the privilege of the webserver.


 

Privacy Statement
Copyright 2010, SecurityFocus