CVE-2013-6830

PineApp Mail-SeCure 3.70 and earlier on 5099SK - Remote Code Execution via nsserver Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6830.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in MailSecure's admin interface, allowing unauthenticated RCE via the `nsserver` parameter in a crafted HTTP request. It also details privilege escalation to root via sudo misconfiguration.

Description

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.

Exploits (1)

exploitdb WORKING POC

remotelinux

https://www.exploit-db.com/exploits/29734

View Code ZIP pw:eip

The exploit demonstrates a command injection vulnerability in MailSecure's admin interface, allowing unauthenticated RCE via the `nsserver` parameter in a crafted HTTP request. It also details privilege escalation to root via sudo misconfiguration.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MailSecure <= 5099SK

No auth needed

Prerequisites: Network access to the vulnerable MailSecure admin interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0139.html

Scores

EPSS 0.0893

EPSS Percentile 94.6%

Details

CWE

CWE-94

Status published

Products (1)

pineapp/mail-secure_5099sk < -

Published Nov 20, 2013

Tracked Since Feb 18, 2026