MailCleaner Authenticated Command Injection

2019-05-09T17:57:34
ID AKB:1EBF23FF-8DE1-4C84-82C4-07B828119E86
Type attackerkb
Reporter AttackerKB
Modified 2020-02-13T17:12:42

Description

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.

Recent assessments:

jrobles-r7 at 2019-05-09T17:57:34.998654Z reported:

Details

The /admin/managetracing/search/search endpoint in MailCleaner Community Edition allows an authenticated user to inject operating system commands.

Assessed Attacker Value: 3
Assessed Exploitability: 2