CVE-2004-1993

Published May 4, 2004

Last updated 8 years ago

CVSS info 10.0

Overview

Description: The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:omail:omail_webmail:0.97.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D031B5C-282A-42B9-9345-72B785138A39"
          },
          {
            "criteria": "cpe:2.3:a:omail:omail_webmail:0.98.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7250A3B6-88AF-4816-8812-33D1575E3FF9"
          },
          {
            "criteria": "cpe:2.3:a:omail:omail_webmail:0.98.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69CDA07-ABBF-401E-90A0-1183B6194CAA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References