Unrated severityNVD Advisory· Published Mar 27, 2010· Updated Apr 29, 2026
CVE-2010-1132
CVE-2010-1132
Description
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Affected products
1- cpe:2.3:a:georg_greve:spamassassin_milter_plugin:0.3.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.htmlnvdExploit
- www.exploit-db.com/exploits/11662nvdExploit
- www.securityfocus.com/bid/38578nvdExploit
- secunia.com/advisories/38840nvdVendor Advisory
- secunia.com/advisories/38956nvdVendor Advisory
- secunia.com/advisories/39265nvdVendor Advisory
- www.vupen.com/english/advisories/2010/0559nvdVendor Advisory
- www.vupen.com/english/advisories/2010/0683nvdVendor Advisory
- www.vupen.com/english/advisories/2010/0837nvdVendor Advisory
- bugs.debian.org/573228nvd
- lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.htmlnvd
- osvdb.org/62809nvd
- www.debian.org/security/2010/dsa-2021nvd
- www.securitytracker.com/idnvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/56732nvd
- savannah.nongnu.org/bugs/nvd
News mentions
0No linked articles in our index yet.