EYou E-Mail system RCE

Manieendar Mohan
Published on
16 Jun 2021

Eyou Mail System is an e-mail system of China’s eYou company. The ‘get_login_ip_config_file’ function in Eyou Mail System versions prior to 3.6 has a security vulnerability. A remote attacker can use this vulnerability to execute arbitrary commands by sending the ‘domain’ parameter with shell metacharacters to the admin/domain/ip_login_set/d_ip_login_get.php file.

Mitigation / Precaution

The vulnerability has been patched by Eyou Mail System. We recommend you to check out the official site(http://www.eyou.com/) and upgrade the eYou E-Mail system to the latest version.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Manieendar Mohan
Manieendar Mohan
Cyber Security Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment