CVE-2001-1100 - sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute

CVE-2001-1100

Summary

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

References

http://www.securityfocus.com/archive/1/218921
http://www.securityfocus.com/bid/3673
http://www.w3mail.org/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/7230

Vulnerable Configurations

cpe:2.3:a:spencer_miles:w3mail:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:spencer_miles:w3mail:1.0.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3673
bugtraq	20011007 Bug found at W3Mail Webmail
confirm	http://www.w3mail.org/ChangeLog
xf	w3mail-metacharacters-command-execution(7230)

Last major update

10-10-2017 - 01:30

Published

07-10-2001 - 04:00

Last modified

10-10-2017 - 01:30