CVE-2011-4542

Hastymail2 2.1.1 - Remote Code Execution via rs or rsargs[] Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4542. PoCs published by Metasploit, Bruno Teixeira, juan vazquez, including Metasploit module exploits/unix/webapp/hastymail_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Hastymail 2.1.1 RC1 via insecure usage of `call_user_func_array()` in `lib/ajax_functions.php`. It authenticates, then injects a payload through the `passthru` function.

Description

Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/19758

This Metasploit module exploits a command injection vulnerability in Hastymail 2.1.1 RC1 via insecure usage of `call_user_func_array()` in `lib/ajax_functions.php`. It authenticates, then injects a payload through the `passthru` function.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Hastymail 2.1.1 RC1
Auth required
Prerequisites: Valid credentials for Hastymail · Network access to the target
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
by Bruno Teixeira, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/hastymail_exec.rb

This Metasploit module exploits a command injection vulnerability in Hastymail 2.1.1 RC1 via insecure usage of `call_user_func_array()` in `lib/ajax_functions.php`. It authenticates with provided credentials and injects a payload through the `passthru` function.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Hastymail 2.1.1 RC1
Auth required
Prerequisites: Valid Hastymail credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48308
Various Sources x_refsource_misc
https://www.dognaedis.com/vulns/DGS-SEC-3.html

Scores

EPSS: 0.7336
EPSS Percentile: 98.8%

Details

CWE: CWE-89
Status: published
Products (10)
hastymail/hastymail2 (12 CPE variants)
hastymail/hastymail2 1.0
hastymail/hastymail2 1.01
hastymail/hastymail2 1.1 rc1 (2 CPE variants)
hastymail/hastymail2 2.0 (7 CPE variants)
hastymail/hastymail2 2.0.1
hastymail/hastymail2 2.0.2
hastymail/hastymail2 2.0.3
hastymail/hastymail2 2.0.4
hastymail/hastymail2 2.0.5
Published Nov 30, 2011
Tracked Since Feb 18, 2026