Arbitrary Command Execution in sendmessage.cgi of W3Mail 1.0.2 and Other CGI Programs

Arbitrary Command Execution in sendmessage.cgi of W3Mail 1.0.2 and Other CGI Programs

CVE-2001-1100 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

Learn more about our Web Application Penetration Testing UK.