Unrated severityNVD Advisory· Published May 27, 2024· Updated Aug 1, 2024

Openfind Mail2000 - OS Command Injection

CVE-2024-5400

Description

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.

Affected products

Openfind/Mail2000llm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/tw/cp-132-7819-9661a-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000