漏洞描述
smtp_mailaddr在OpenSMTPD 6.6 smtp_session.c,如在OpenBSD的6.6和其它产品中使用的,允许远程攻击者通过制作SMTP会话执行任意命令为根,通过在MAIL FROM字段shell字符所证明。这会影响“注释掉”默认配置。这个问题的存在,因为在输入验证失败的不正确的返回值。
OpenSMTPD < 6.6.2 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-16248: Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
- POC CVE-2025-56132: LiquidFiles < 4.2 - User Enumeration via Password Reset
- POC CVE-2020-15081: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
- POC CVE-2020-26935: phpMyAdmin < 5.0.3 - SQL Injection
- POC CVE-2020-5722: Grandstream UCM6200 - SQL Injection
- POC CVE-2021-21246: OneDev < 4.0.3 - User Access Token Leak
- POC CVE-2022-41697: Ghost CMS - User Enumeration
- POC CVE-2022-4223: pgAdmin < 6.17 - Unauthenticated Remote Code Execution
- POC CVE-2025-3472: Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-52694: Advantech WISE-IoTSuite/SaaS - SQL Injection
- POC CVE-2025-56520: Dify v1.6.0 - Server-Side Request Forgery
- POC CVE-2025-66472: XWiki DeleteApplication - Cross-Site Scripting