nph-maillist Arbitrary Code Execution Vulnerability

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

This issue can be resolved by editing . There is a section with several lines like:

if ($FORM{'emailaddress'} !~ /\@/) { &bad_email();}

Add the following two lines to that section:

if ($FORM{'emailaddress'} =~ /\;/) { &bad_email();}

if ($FORM{'emailaddress'} =~ /\`/) { &bad_email();}


Privacy Statement
Copyright 2010, SecurityFocus