Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution

ID 2875.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


The remote host is running Open Webmail, an open-source Perl script that gives remote users a web-based interface to email. This version of Open Webmail is vulnerable to a content-parsing flaw that would allow a remote attacker to run arbitrary code on the Open Webmail server. Specifically, the application fails to filter out the '|' character, which can be used to append commands to system calls.
