https://bugs.exim.org/show_bug.cgi?id=2118
Bug ID: 2118
Summary: sendmail -be and ${run} macro security problem
Product: Exim
Version: 4.89
Hardware: All
OS: FreeBSD
Status: NEW
Severity: security
Priority: medium
Component: General execution
Assignee: ni...@exim.org
Reporter: t...@alkoholista.hu
CC: exim-dev@exim.org

I found this WordPress + Exim remote code execution exploit on the exploit-db site. It uses "exim -be '${run...}'" to place a payload on the remote system.

https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
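
A detection check for the invocation pattern the report describes, as an added example (not part of the bug report and not Exim project code): it flags process command lines where Exim, or its sendmail alias, is started with `-be`, and separately those that also carry a `${run` expansion. The binary-name set, the function names and the sample records are assumptions constructed for illustration.

```python
import os
import shlex

# Names under which the Exim binary is commonly invoked (assumption; adjust
# to the local installation).
MTA_NAMES = {"exim", "exim4", "sendmail"}


def classify(cmdline):
    """Return None, 'expansion-test' or 'run-expansion' for one command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        # Unbalanced quotes in the logged line: fall back to a plain split.
        argv = cmdline.split()
    if not argv or os.path.basename(argv[0]) not in MTA_NAMES:
        return None
    args = argv[1:]
    if "-be" not in args:
        return None
    # With -be and no further arguments Exim reads the strings to expand from
    # stdin, so a ${run item never appears in argv. A bare -be is therefore
    # reported too, at a lower level, for review of the parent process.
    if any("${run" in arg for arg in args):
        return "run-expansion"
    return "expansion-test"


def scan(lines):
    """Return (line number, verdict, line) for every flagged command line."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict is not None:
            hits.append((number, verdict, line))
    return hits


# Constructed process-execution records, not taken from the bug report.
SAMPLE = [
    "/usr/sbin/sendmail -t -i -f www@example.org",
    "/usr/sbin/exim -bp",
    "/usr/sbin/exim -be '${run{/bin/true}}'",
    "/usr/sbin/sendmail -be",
    "/bin/echo exim -be '${run{/bin/true}}'",
]

if __name__ == "__main__":
    for number, verdict, line in scan(SAMPLE):
        print(f"record {number}: {verdict}: {line}")
```

In practice the input would be execve records from auditd or an EDR feed, and a hit is most significant when the parent process is a web server or PHP worker.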