CVE-2001-0021

MailMan Webmail <= 3.0.25 - Remote Command Execution via Alternate Template Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0021. PoCs published by Secure Reality Advisories.

AI-analyzed exploit summary This exploit leverages insecure use of the Perl open() function in Endymion MailMan Webmail 3.x before 3.0.26. By manipulating the ALTERNATE_TEMPLATES parameter, an attacker can inject arbitrary commands, which are executed with the privileges of the CGI script (typically 'nobody').

Description

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Secure Reality Advisories · textremoteunix
https://www.exploit-db.com/exploits/20469

This exploit leverages insecure use of the Perl open() function in Endymion MailMan Webmail 3.x before 3.0.26. By manipulating the ALTERNATE_TEMPLATES parameter, an attacker can inject arbitrary commands, which are executed with the privileges of the CGI script (typically 'nobody').

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Endymion MailMan Webmail 3.x before 3.0.26
No auth needed
Prerequisites: Access to the vulnerable webmail interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
http://www.endymion.com/products/mailman/history.htm
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2063
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5649

Scores

EPSS 0.1346
EPSS Percentile 96.0%

Details

Status published
Products (17)
endymion/mailman_webmail 3.0
endymion/mailman_webmail 3.0.1
endymion/mailman_webmail 3.0.10
endymion/mailman_webmail 3.0.11
endymion/mailman_webmail 3.0.12
endymion/mailman_webmail 3.0.13
endymion/mailman_webmail 3.0.14
endymion/mailman_webmail 3.0.15
endymion/mailman_webmail 3.0.16
endymion/mailman_webmail 3.0.18
... and 7 more
Published Feb 16, 2001
Tracked Since Feb 18, 2026