CVE-2013-6831

PineApp Mail-SeCure 3.70 and earlier on 5099SK - Privilege Escalation via Sudoers Misconfiguration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6831. PoCs published by Ruben Garrote García.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in MailSecure's admin interface, allowing unauthenticated remote code execution via crafted HTTP requests. It also details privilege escalation to root via weak sudoers configuration.

Description

PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ruben Garrote García · textremotelinux
https://www.exploit-db.com/exploits/29734

The exploit demonstrates a command injection vulnerability in MailSecure's admin interface, allowing unauthenticated remote code execution via crafted HTTP requests. It also details privilege escalation to root via weak sudoers configuration.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: MailSecure <= 5099SK
No auth needed
Prerequisites: Network access to the target's admin interface on port 7443
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.0101
EPSS Percentile 59.0%

Details

CWE
CWE-264
Status published
Products (1)
pineapp/mail-secure_5099sk < -
Published Nov 20, 2013
Tracked Since Feb 18, 2026