CVE-2024-5400

EUVD-2024-46623
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
openfindmail2000
6.0
openfindmail2000
7.0
openfindmail2000
8.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
openfindmail2000
8.0 ≤
𝑥
< 8.0_patch_34
ADP
Common Weakness Enumeration
References
https://www.twcert.org.tw/tw/cp-132-7819-9661a-1.html
https://www.twcert.org.tw/tw/cp-132-7819-9661a-1.html