Published: 2018/02/08  Last Updated: 2018/02/08

Information from futomi Co., Ltd.

Vulnerability ID:JVN#15462187
Title:MP Form Mail CGI eCommerce Edition vulnerable to OS command injection

This is a statement from the vendor itself with no modification by JPCERT/CC.


MP Form Mail CGI eCommerce edition contains an OS command injection vulnerability. Remote attackers leveraging this vulnerability may be able to execute arbitrary OS command on the server in which this CGI is installed.

[Affected Products]

- MP From Mail CGI eCommerce Edition version 2.0.13 and earlier.


Update it to the latest version.