CVE-2016-1142
CRITICALSeeds acmailer <3.8.21, <3.9.15 - Command Injection
Title source: llmDescription
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.acmailer.jp/info/de.cgi?id=64
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000002
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN50899877/index.html
Scores
CVSS v3
9.1
EPSS
0.0241
EPSS Percentile
82.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (15)
seeds/acmailer
3.9.0 beta
seeds/acmailer
3.9.1 beta
seeds/acmailer
3.9.2 beta
seeds/acmailer
3.9.3 beta
seeds/acmailer
3.9.4 beta
seeds/acmailer
3.9.5 beta
seeds/acmailer
3.9.6 beta
seeds/acmailer
3.9.7 beta
seeds/acmailer
3.9.8 beta
seeds/acmailer
3.9.9 beta
... and 5 more
Published
Jan 16, 2016
Tracked Since
Feb 18, 2026