CVE-2021-46686

Summary

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker.

Affected Software

VendorProductVersion RangeStatus
Extra Innovation Inc.acmailer CGIver.4.0.3 and earlieraffected
Extra Innovation Inc.acmailer DBver.1.1.5 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References