VULHUB ™

A remote command execution vulnerability has been discovered in vpopmail-CGIApps v0.2. Due to insufficient sanitization of user-supplied input in vpasswd.cgi, it is possible to pass malicious commands to the os.system() function. Exploiting this issue allows a remote attacker to execute arbitrary system commands with the permissions of the web server.

A remote command execution vulnerability has been discovered in vpopmail-CGIApps v0.2. Due to insufficient sanitization of user-supplied input in vpasswd.cgi, it is possible to pass malicious commands to the os.system() function. Exploiting this issue allows a remote attacker to execute arbitrary system commands with the permissions of the web server.