Vulnerability Description
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omail | Omail Webmail | 0.97.3 |
References
- http://marc.info/?l=bugtraq&m=108377215015515&w=2
- http://secunia.com/advisories/9585 (Vendor Advisory)
- http://www.securityfocus.com/bid/10274 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12948
FAQ
What is CVE-2004-1993?
CVE-2004-1993 is a vulnerability with a CVSS score of 10.0 (HIGH). The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in...
How severe is CVE-2004-1993?
CVE-2004-1993 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1993?
Check the references section above for vendor advisories and patch information. Affected products include: Omail Omail Webmail.