2002-06-25 04:00:00
mitre
PUBLISHED
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the Compose Message page.