VULHUB ™

The value of the 'emailadd' variable in Ranson Johnson's Combination Mail-to and Credit Card Orderform is used in conjunction with a piped open. This value is supplied by users filling out the form. This opens up the possibility of remote command execution with the privilege level of the web server by entering specially crafted values into the 'emailadd' field on the form.

The value of the 'emailadd' variable in Ranson Johnson's Combination Mail-to and Credit Card Orderform is used in conjunction with a piped open. This value is supplied by users filling out the form. This opens up the possibility of remote command execution with the privilege level of the web server by entering specially crafted values into the 'emailadd' field on the form.