(0Day) PineApp Mail-SeCure conflivelog.pl Remote Code Execution Vulnerability

2013-07-26T00:00:00
ID ZDI-13-183
Type zdi
Reporter Anonymous
Modified 2013-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability.

The specific flaws exist with input sanitization in the conflivelog.pl component. This flaw allows for the injection of arbitrary commands to the Mail-Secure server. An attacker could leverage this vulnerability to execute arbitrary commands as root.