(0Day) PineApp Mail-SeCure confpremenu.php Export Log Remote Code Execution Vulnerability

2013-07-26T00:00:00
ID ZDI-13-187
Type zdi
Reporter Dave Weinstein, HP Zero Day Initiative
Modified 2013-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PineApp Mail-SeCure. Authentication is not required to exploit this vulnerability.

The specific flaw lies in the input sanitization performed by the confpremenu.php component. Because input is not properly sanitized, arbitrary commands can be injected into the Mail-SeCure server. An attacker could leverage this vulnerability to execute arbitrary code as root.