acmailer and acmailer DB OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in acmailer CGI versions through 4.0.3 and acmailer DB versions through 1.1.5. This vulnerability allows attackers to execute arbitrary operating system commands on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of OS commands, potentially allowing an attacker to access or modify sensitive information, such as email lists and login credentials.

Remediation

Users are advised to update acmailer CGI to version 4.0.4 or later and acmailer DB to version 1.1.6 or later. Instructions for downloading these versions are available on the acmailer website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.