CVE-2021-4466

UNKNOWN 0.0

IPCop <= 2.1.9 Authenticated RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAIL_PW parameter, directly into system-level operations without proper input sanitation. By modifying the email password field to include shell metacharacters and issuing a save-and-test-mail action, an authenticated attacker can execute arbitrary operating system commands with the privileges of the web interface, resulting in full system compromise.

CWE	CWE-78
Vendor	ipcop project
Product	ipcop
Published	Nov 14, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for ipcop project ipcop

Be the first to know when new unknown vulnerabilities affecting ipcop project ipcop are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

IPCop Project / IPCop

0 ≤ 2.1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50183 ipcop.org: https://www.ipcop.org/ sourceforge.net: https://sourceforge.net/projects/ipcop/ vulncheck.com: https://www.vulncheck.com/advisories/ipcop-authenticated-rce

Credits

Mücahit Saratar