Antoine Nguyen

13 exploits, active since Jan 2023
CVE-2026-27602 WRITEUP HIGH
Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server. Version 2.7.1 patches the issue.
CVSS 7.2
CVE-2023-0398 WRITEUP MEDIUM
Modoboa < 2.0.4 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 6.5
CVE-2023-0406 WRITEUP MEDIUM
Modoboa < 2.0.4 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 4.3
CVE-2023-0438 WRITEUP MEDIUM
Modoboa < 2.0.4 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 6.5
CVE-2023-0470 WRITEUP MEDIUM
Modoboa < 2.0.4 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 5.4
CVE-2023-0519 WRITEUP MEDIUM
Modoboa < 2.0.4 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
CVSS 5.4
CVE-2023-0949 WRITEUP MEDIUM
Modoboa < 2.0.5 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
CVSS 4.8
CVE-2023-2160 WRITEUP MEDIUM
modoboa/modoboa <2.1.0 - Info Disclosure
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 6.3
CVE-2023-2227 WRITEUP CRITICAL
Modoboa < 2.1.0 - Improper Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 9.1
CVE-2023-2228 WRITEUP MEDIUM
Modoboa < 2.1.0 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.
CVSS 6.8
CVE-2023-5688 WRITEUP MEDIUM
Modoboa < 2.2.2 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
CVSS 5.4
CVE-2023-5689 WRITEUP MEDIUM
Modoboa < 2.2.2 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.
CVSS 5.4
CVE-2023-5690 WRITEUP HIGH
Modoboa < 2.2.2 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.
CVSS 8.8