Vulnerability Details : CVE-2012-2085
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
Products affected by CVE-2012-2085
- cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.5:alpha1:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:gajim:gajim:0.14.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2085
1.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2012-2085
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2085
-
http://www.openwall.com/lists/oss-security/2012/04/08/1
oss-security - CVE request: gajim - code execution and sql injection
-
http://security.gentoo.org/glsa/glsa-201208-04.xml
Gajim: Multiple vulnerabilities (GLSA 201208-04) — Gentoo security
-
http://www.openwall.com/lists/oss-security/2012/04/08/2
oss-security - Re: CVE request: gajim - code execution and sql injection
-
https://trac.gajim.org/ticket/7031
remote code execution (#7031) · Issues · gajim / gajim · GitLab
-
https://trac.gajim.org/changeset/bc296e96ac10
Sign in · GitLabExploit;Patch
-
http://www.securityfocus.com/bid/52943
Gajim SQL Injection and Code Execution Vulnerabilities
Jump to