Arbitrary Command Execution via Email Attachment Filename in Sup

Arbitrary Command Execution via Email Attachment Filename in Sup

CVE-2013-4478 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.

Learn more about our Web Application Penetration Testing UK.