### [CVE-2019-10149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149)
![](https://img.shields.io/static/v1?label=Product&message=exim&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78&color=brighgreen)

### Description

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

### POC

#### Reference
- http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2019/Jun/16
- http://www.openwall.com/lists/oss-security/2021/05/04/7

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xdea/exploits
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AzizMea/CVE-2019-10149-privilege-escalation
- https://github.com/Brets0150/StickyExim
- https://github.com/Chris-dev1/exim.exp
- https://github.com/Diefunction/CVE-2019-10149
- https://github.com/Dilshan-Eranda/CVE-2019-10149
- https://github.com/MNEMO-CERT/PoC--CVE-2019-10149_Exim
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Stick-U235/CVE-2019-10149-Exploit
- https://github.com/aishee/CVE-2019-10149-quick
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/anquanscan/sec-tools
- https://github.com/area1/exim-cve-2019-10149-data
- https://github.com/bananaphones/exim-rce-quickfix
- https://github.com/cloudflare/exim-cve-2019-10149-data
- https://github.com/cowbe0x004/eximrce-CVE-2019-10149
- https://github.com/darsigovrustam/CVE-2019-10149
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dhn/exploits
- https://github.com/hackerhouse-opensource/exploits
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hyim0810/CVE-2019-10149
- https://github.com/rahmadsandy/EXIM-4.87-CVE-2019-10149
- https://github.com/x418x/libaz