https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #5 from Heiko Schlittermann <hs@???> ---
(In reply to Sandor Takacs from comment #0)
> I found this WordPress + Exim remote code execution exploit on exploit-db
> site. It uses "exim -be '${run...}'" to place payload on the remote system.
>
> https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
Its remote character is a WordPress problem. A remote attacker can run
commands on the WordPress site. Exim is one of the commands, but not the only
one. Probably an attacker can even run "cat", "touch" and so on. Where is the
vulnerability? Are "cat", "touch", and so on, now vulnerable? Or is WordPress
vulnerable?