CVE-2021-4466
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-14
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ipcop | ipcop | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
IPCop versions up to and including 2.1.9 have an authenticated remote code execution vulnerability in their web-based administration interface. Specifically, the email configuration component improperly handles user input in the EMAIL_PW parameter by inserting it directly into system-level commands without sanitization. An authenticated attacker can exploit this by including shell metacharacters in the email password field and triggering a save-and-test-mail action, allowing them to execute arbitrary operating system commands with the privileges of the web interface, potentially leading to full system compromise.
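The CWE-78 pattern described above, shown beside a hardened form, as an added example that is not IPCop's code. The stand-in mailer, the `--password` option and the sample value are hypothetical; only the `EMAIL_PW` field name comes from the advisory, and a POSIX shell is assumed.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for the mail client behind a "save and test mail"
# action: it only prints the arguments it received.
MAILER = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]


def _run(cmd, shell):
    done = subprocess.run(cmd, shell=shell, capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


def send_test_mail_vulnerable(email_pw):
    """CWE-78 pattern: the form value is pasted into a shell command string."""
    return _run(shlex.join(MAILER) + " --password " + email_pw, shell=True)


def send_test_mail_hardened(email_pw):
    """Argument vector, no shell: the value reaches the child as one argument."""
    if any(c in email_pw for c in "\x00\r\n"):
        raise ValueError("control characters are not allowed in EMAIL_PW")
    return _run(MAILER + ["--password", email_pw], shell=False)


# Constructed form value containing shell metacharacters.
SAMPLE_PW = "hunter2; echo INJECTED"

if __name__ == "__main__":
    # The shell splits the value: the mailer sees a truncated password and
    # a second command runs with the caller's privileges.
    print("vulnerable:", send_test_mail_vulnerable(SAMPLE_PW).splitlines())
    # The whole value arrives as a single literal argument.
    print("hardened:  ", send_test_mail_hardened(SAMPLE_PW))
```

Arguments are visible in process listings, so where the mail client supports it, passing the password on standard input or through a protected file is preferable to the command line.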
How can this vulnerability impact me?
This vulnerability can allow an authenticated attacker to execute arbitrary operating system commands on the affected IPCop system with the privileges of the web interface. This can lead to full system compromise, including unauthorized access, data theft, system manipulation, or disruption of services.