CVE-2002-1582

compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.

Published: Dec 6, 2004
Updated: Apr 13, 2023
CVE: CVE-2002-1582
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mailreader.com / mailreader.com	2.3.30	2.3.30.x
mailreader.com / mailreader.com	2.3.31	2.3.31.x

http://www.iss.net/security_center/static/10491.php
http://www.mailreader.com/download/ChangeLog
http://www.securityfocus.com/archive/1/297428
http://www.securityfocus.com/bid/6058

Vulnerability Database

289,697

CVE-2002-1582