Omail » Omail Webmail : Security Vulnerabilities, CVEs, CVSS score >= 7
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
Max CVSS
10.0
EPSS Score
18.31%
Published
2004-05-04
Updated
2017-07-11
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
Max CVSS
10.0
EPSS Score
0.68%
Published
2003-08-19
Updated
2017-07-11
2 vulnerabilities found