Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cgiecho | Cpanel | - (including) | - (including) |
Cgiemail | Cpanel | - (including) | - (including) |
Cgiemail | Ubuntu | esm-apps/xenial | * |
Cgiemail | Ubuntu | precise | * |
Cgiemail | Ubuntu | trusty | * |
Cgiemail | Ubuntu | upstream | * |
Cgiemail | Ubuntu | xenial | * |
Cgiemail | Ubuntu | yakkety | * |