Vulnerability Description
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spencer Miles | W3Mail | 1.0.2 |
References
- http://www.securityfocus.com/archive/1/218921ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/3673Vendor Advisory
- http://www.w3mail.org/ChangeLog
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7230
- http://www.securityfocus.com/archive/1/218921ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/3673Vendor Advisory
- http://www.w3mail.org/ChangeLog
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7230
FAQ
What is CVE-2001-1100?
CVE-2001-1100 is a vulnerability with a CVSS score of 7.5 (HIGH). sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
How severe is CVE-2001-1100?
CVE-2001-1100 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1100?
Check the references section above for vendor advisories and patch information. Affected products include: Spencer Miles W3Mail.