Published: 2021/01/14  Last Updated: 2021/01/14

Information from Seeds Co.,Ltd.

Vulnerability ID: JVN#35906450
Title: Multiple vulnerabilities in acmailer
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

An access restriction and privilege escalation vulnerability exists in acmailer.

Products Affected
acmailer ver. 4.0.2 and earlier
acmailer DB ver. 1.1.4 and earlier

Description
Administrator privileges, sensitive information on the server, and arbitrary OS commands can be stolen by a third party.

Solution
Update the software
acmailer ver. 4.0.3 or higher
acmailer DB ver. 1.1.5 or higher

Apply workaround
Delete these files in the directory directly under the product:
init_ctl.cgi
enq_detail.cgi
enq_detail_mail.cgi
enq_edit.cgi
enq_form.cgi
enq_list.cgi
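
To confirm the workaround on a host, the check below reports which of the files listed above are still present directly under an installation directory. It is an added example, not code from Seeds Co.,Ltd. or JPCERT/CC; the function name and the directory path passed as an argument are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). The file names come from the workaround list
# above; the installation path is supplied by the operator and is an assumption.
WORKAROUND_FILES="init_ctl.cgi enq_detail.cgi enq_detail_mail.cgi enq_edit.cgi enq_form.cgi enq_list.cgi"

# remaining_workaround_files DIR
# Prints each listed file that still exists directly under DIR, one per line.
# Returns 0 if none remain, 1 if at least one remains, 2 if DIR is not a directory.
remaining_workaround_files() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    found=0
    for f in $WORKAROUND_FILES; do
        # -e follows symlinks; -L also catches a dangling symlink with that name.
        if [ -e "$dir/$f" ] || [ -L "$dir/$f" ]; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# When run as a script with a directory argument, report and exit with the status.
if [ "$#" -ge 1 ]; then
    remaining_workaround_files "$1"
    exit $?
fi
```

A non-zero exit status makes the check usable from a configuration-management or monitoring job that should alert while any of the files remain.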