Usermin Email Signature Command Injection Exploit

The Usermin Control Panel is vulnerable to command injection due to the function get_signature in usermin/mailbox/mailbox-lib.pl, which calls open() without any prior validation. This vulnerability allows authenticated users to execute arbitrary code on the affected Usermin versions.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2015-2079
Product Version: 
2014_R2
Released Date: 
Friday, August 14, 2015 - 00:00