Maarch Courrier 21.03, 2nd order cmd injecton to RCE Jul 16, 2023 This article discusses a critical remote code execution (RCE) vulnerability in the Maarch Courrier software, an electronic correspondence and document management system. The vulnerability, found during a white-box code review session, allows an attacker with administrator access to execute arbitrary commands on the server. The exploit involves command injection through improperly sanitized user inputs in the administration settings of the software. Detailed analysis, including proof of concept and the method of exploitation through the software's REST API, is provided.