The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-12-21T01:00:00
Updated: 2007-01-30T10:00:00
Reserved: 2006-12-20T00:00:00
Link: CVE-2006-6678
JSON object: View
NVD Information
Status : Modified
Published: 2006-12-21T01:28:00.000
Modified: 2011-03-08T02:46:46.237
Link: CVE-2006-6678
JSON object: View
Redhat Information
No data.
CWE