CVE-2013-7103

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.

Published: Dec 14, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-7103
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mcafee / email_gateway	7.6	7.6.x

http://osvdb.org/100581
http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html
http://seclists.org/fulldisclosure/2013/Dec/18
http://www.securityfocus.com/bid/64150
https://exchange.xforce.ibmcloud.com/vulnerabilities/90162

Vulnerability Database

289,697

CVE-2013-7103