Vulnerability
Eyou Mail System is an e-mail system of China’s eYou company. The ‘get_login_ip_config_file’ function in Eyou Mail System versions prior to 3.6 has a security vulnerability. A remote attacker can use this vulnerability to execute arbitrary commands by sending the ‘domain’ parameter with shell metacharacters to the admin/domain/ip_login_set/d_ip_login_get.php file.
Mitigation / Precaution
The vulnerability has been patched by Eyou Mail System. We recommend you to check out the official site(http://www.eyou.com/) and upgrade the eYou E-Mail system to the latest version.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
