CVE-2014-1203

2017-10-2414:00:00

mitre

www.cve.org

AI Score

9.9

Confidence

High

EPSS

0.022

Percentile

89.7%

JSON

The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.

References

seclists.org/fulldisclosure/2014/Jan/32