Description
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Secure Reality Advisories · textremoteunix
https://www.exploit-db.com/exploits/20469
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://www.endymion.com/products/mailman/history.htm
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2063
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5649
Scores
EPSS
0.0954
EPSS Percentile
92.9%
Details
Status
published
Products (17)
endymion/mailman_webmail
3.0
endymion/mailman_webmail
3.0.1
endymion/mailman_webmail
3.0.10
endymion/mailman_webmail
3.0.11
endymion/mailman_webmail
3.0.12
endymion/mailman_webmail
3.0.13
endymion/mailman_webmail
3.0.14
endymion/mailman_webmail
3.0.15
endymion/mailman_webmail
3.0.16
endymion/mailman_webmail
3.0.18
... and 7 more
Published
Feb 16, 2001
Tracked Since
Feb 18, 2026