JVN#96957439
acmailer CGI and acmailer DB vulnerable to OS command injection
Overview
acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability.
Products Affected
- acmailer CGI ver.4.0.3 and earlier
- acmailer DB ver.1.1.5 and earlier
Description
acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability (CWE-78).
Impact
An arbitrary OS command may be executed by an attacker.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
The version fixing this vulnerability has been released on 2021.
This JVN is published responding to the developer's notification to JPCERT/CC on 2025 about the vulnerability and the product update information.
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2021-46686 |
| JVN iPedia |
JVNDB-2025-000013 |