RSS   Vulnerabilities for 'Netrik'   RSS

2006-12-20
 
CVE-2006-6678

 

 
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

 


Copyright 2019, cxsecurity.com

 

Back to Top