Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
PineApp Mail-SeCure 'livelog.html' Remote Command Injection Vulnerability
Information
Severity
Severity
Critical
Family
Family
Web application abuses
CVSSv2 Base
CVSSv2 Base
10.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
10 years ago
Modified
Modified
5 years ago
Summary
PineApp Mail-SeCure 3.70 is prone to a remote command-injection vulnerability.
Insight
Insight
The specific flaws exist with input sanitization in the livelog.html component. These flaws allow for the injection of arbitrary commands to the Mail-SeCure server.
Detection Method
Detection Method
Send a crafted HTTP GET request and check the response.
Solution
Solution
Ask the Vendor for an update. Upgrade to version 5.1