cbcvebase.
CVE-2013-6829
published 2013-11-20

CVE-2013-6829: admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter…

PriorityP276high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
78.34%
99.5th percentile
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.

Detection & IOCsextracted from sources · hover to see the quote

path/admin/confnetworking.html
path/srv/www/htdocs/admin/confnetworking.html
urlhttps://192.168.24.24:7443/admin/confnetworking.html?cmd=nslookup&hostip=&nstype=any&nsserver=www.google.es;%20cat%20/etc/shadow
port7443
pathtest_li_connection.php
commandcmd=nslookup&hostip=&nstype=any&nsserver=www.google.es;<PAYLOAD>
  • Detect unauthenticated HTTP GET requests to /admin/confnetworking.html containing shell metacharacters (semicolons) in the nsserver or pinghost parameters, indicative of command injection attempts.
  • Alert on requests to /admin/confnetworking.html on port 7443 where query parameters contain URL-encoded semicolons (%3B or literal ;) followed by shell commands such as wget, cat, chmod, or echo.
  • Monitor for creation or modification of /tmp/rc.firewall, which is abused for privilege escalation to root via a weak sudoers configuration.
  • Detect SSH connections on non-standard port 7022 to the appliance, which may indicate post-exploitation root access following the SSH key injection technique described in the exploit.
  • Flag HTTP requests targeting test_li_connection.php on PineApp Mail-SeCure, as this endpoint is exploited via insecure use of the system() PHP function for arbitrary command execution.
  • ·The exploit proof-of-concept uses a hardcoded private IP (192.168.24.24); real-world attacks will use the actual appliance IP. Detection rules should not rely on this specific IP.
  • ·The vulnerability in confnetworking.html requires no authentication, meaning network-level access controls (firewall rules restricting port 7443) are the primary mitigation if patching is not possible.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.