CVE-2001-0021
MailMan Webmail <= 3.0.25 - Remote Command Execution via Alternate Template Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-0021. PoCs published by Secure Reality Advisories.
AI-analyzed exploit summary This exploit leverages insecure use of the Perl open() function in Endymion MailMan Webmail 3.x before 3.0.26. By manipulating the ALTERNATE_TEMPLATES parameter, an attacker can inject arbitrary commands, which are executed with the privileges of the CGI script (typically 'nobody').
Description
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
Exploits (1)
This exploit leverages insecure use of the Perl open() function in Endymion MailMan Webmail 3.x before 3.0.26. By manipulating the ALTERNATE_TEMPLATES parameter, an attacker can inject arbitrary commands, which are executed with the privileges of the CGI script (typically 'nobody').