HGiga C&Cmail is vulnerable to a privilege escalation vulnerability, which leading to execution of arbitrary OS commands via file parameter without authentication. The OS commands can executed for any user accessing the page without authentication. This vulnerability affects many mail system of governments, organizations and companies.
The injection point is file parameter in "cfg_download.php".
It allows remote attackers to execute arbitrary OS commands via file paramemer without authentication.
Remote attackers can execute OS Command without authentication and upload the webshell to the target server. The remote attacker can compromise target server.
http://[Target Domain]
/EIP/oll/admin/cfg_download.php
- Tony Kuo (CHT Security)