https://bugs.exim.org/show_bug.cgi?id=2118
--- Comment #5 from Heiko Schlittermann <[email protected]> --- (In reply to Sandor Takacs from comment #0) > I found this WordPress + Exim remote code execution exploit on exploit-db > site. It uses "exim -be '${run...}'" to place payload on the remote system. > > https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016- > 10033.html It's remote character is a Wordpress problem. A remote attacker can run commands on the Wordpress site. Exim is one of the commands, but not the only one. Probably an attacker can even run "cat", "touch" and so on. Where is the vulnerability? Are "cat", "touch", and so on, no vulnerable? Or is Wordpress vulnerable? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
