MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mailman_webmail | Endymion | 3.0.12 | 3.0.12 |
Mailman_webmail | Endymion | 3.0.24 | 3.0.24 |
Mailman_webmail | Endymion | 3.0.13 | 3.0.13 |
Mailman_webmail | Endymion | 3.0.11 | 3.0.11 |
Mailman_webmail | Endymion | 3.0.20 | 3.0.20 |
Mailman_webmail | Endymion | 3.0.19 | 3.0.19 |
Mailman_webmail | Endymion | 3.0.14 | 3.0.14 |
Mailman_webmail | Endymion | 3.0.16 | 3.0.16 |
Mailman_webmail | Endymion | 3.0.18 | 3.0.18 |
Mailman_webmail | Endymion | 3.0.1 | 3.0.1 |
Mailman_webmail | Endymion | 3.0 | 3.0 |
Mailman_webmail | Endymion | 3.0.23 | 3.0.23 |
Mailman_webmail | Endymion | 3.0.21 | 3.0.21 |
Mailman_webmail | Endymion | 3.0.15 | 3.0.15 |
Mailman_webmail | Endymion | 3.0.25 | 3.0.25 |
Mailman_webmail | Endymion | 3.0.22 | 3.0.22 |
Mailman_webmail | Endymion | 3.0.10 | 3.0.10 |