CVE-2013-4987

PineApp Mail-SeCure <3.70 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4987. PoCs published by Core Security.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in PineApp Mail-SeCure's console interface to escalate privileges to root. The PoC demonstrates executing a shell via the 'system ping' command with a crafted payload.

Description

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textlocallinux

https://www.exploit-db.com/exploits/28680

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in PineApp Mail-SeCure's console interface to escalate privileges to root. The PoC demonstrates executing a shell via the 'system ping' command with a crafted payload.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: PineApp Mail-SeCure Suite versions prior to 3.70

Auth required

Prerequisites: Access to a Mail-SeCure console with a valid user account

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://www.coresecurity.com/advisories/pinapp-mail-secure-access-control-failure

Scores

EPSS 0.0299

EPSS Percentile 85.6%

Details

CWE

CWE-264

Status published

Products (1)

pineapp/mail-secure < 3.69

Published Nov 08, 2013

Tracked Since Feb 18, 2026