(0Day) PineApp Mail-SeCure confpremenu.php Export Log Remote Code Execution Vulnerability

ID ZDI-13-187
Type zdi
Reporter Dave Weinstein, HP Zero Day Initiative
Modified 2013-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability.

The specific flaw exists with input sanitization in the confpremenu.php component. This flaw allows for the injection of arbitrary commands to the Mail-SeCure server. An attacker could leverage this vulnerability to execute arbitrary code as root.