Vulnerability Description
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailreader.Com | Mailreader.Com | 2.3.30 |
References
- http://www.iss.net/security_center/static/10491.php (Patch, Vendor Advisory)
- http://www.mailreader.com/download/ChangeLog (Vendor Advisory)
- http://www.securityfocus.com/archive/1/297428 (Exploit, Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/6058 (Patch, Vendor Advisory)
FAQ
What is CVE-2002-1582?
CVE-2002-1582 is a vulnerability with a CVSS score of 10.0 (HIGH). compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configu...
How severe is CVE-2002-1582?
CVE-2002-1582 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1582?
Check the references section above for vendor advisories and patch information. Affected products include: Mailreader.Com Mailreader.Com.