Описание
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.15.3-1sarge1build0.6.06.1 |
| devel | released | 1.15.3-1.1 |
| edgy | ignored | end of life, was needed |
| feisty | released | 1.15.3-1.1 |
| gutsy | released | 1.15.3-1.1 |
| hardy | released | 1.15.3-1.1 |
| intrepid | released | 1.15.3-1.1 |
| jaunty | released | 1.15.3-1.1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.5 High
CVSS2