The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.
Max CVSS
7.5
EPSS Score
0.48%
Published
2006-12-21
Updated
2011-03-08
1 vulnerabilities found