CVE-2013-6829

PineApp Mail-SeCure - Remote Code Execution via Ping Host Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-6829. PoCs were published by Dave Weinstein and juan vazquez, including the Metasploit module exploits/linux/http/pineapp_test_li_conn_exec.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in MailSecure's admin interface, allowing unauthenticated RCE via crafted HTTP requests. The PoC includes detailed steps for privilege escalation to root by exploiting weak sudoers configuration.

Description

admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.

Exploits (2)

exploitdb WORKING POC
remote · linux
https://www.exploit-db.com/exploits/29734

This exploit demonstrates a command injection vulnerability in MailSecure's admin interface, allowing unauthenticated RCE via crafted HTTP requests. The PoC includes detailed steps for privilege escalation to root by exploiting weak sudoers configuration.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MailSecure <= 5099SK
No auth needed
Prerequisites: Network access to the target's admin interface on port 7443
devstral-2 · analyzed Feb 19, 2026
metasploit WORKING POC EXCELLENT
by Dave Weinstein, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pineapp_test_li_conn_exec.rb

This Metasploit module exploits a command injection vulnerability in PineApp Mail-SeCure 3.70 via the test_li_connection.php component, which insecurely uses the system() PHP function. It retrieves a session cookie and injects a payload into the iptest parameter to achieve remote command execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: PineApp Mail-SeCure 3.70
No auth needed
Prerequisites: Network access to the target · SSL port 7443 open
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html

Scores

EPSS 0.7191
EPSS Percentile 98.8%

Details

CWE: CWE-94
Status: published
Products (1): pineapp/mail-secure
Published: Nov 20, 2013
Tracked Since: Feb 18, 2026