Описание
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
Ссылки
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 7.50 (исключая)
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01138
Низкий
2.6 Low
CVSS2
Дефекты
CWE-88
Связанные уязвимости
github
больше 3 лет назад
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
EPSS
Процентиль: 78%
0.01138
Низкий
2.6 Low
CVSS2
Дефекты
CWE-88