Remote Code Execution in Exim 4.85 through 4.92 (fixed in 4.92.1) via ${sort } Expansion
CVE-2019-13917 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Learn more about our Web Application Penetration Testing UK.