header-logo
Suggest Exploit
vendor:
fvwm_make_browse_menu.sh
by:
SecurityFocus
7.5
CVSS
HIGH
Command Execution
78
CWE
Product Name: fvwm_make_browse_menu.sh
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

FVWM fvwm_make_browse_menu.sh Command Execution Vulnerability

It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execute the file via its filename. An attacker may be able to leverage this issue to cause arbitrary commands to be executed with the privileges of a victim user.

Mitigation:

Users should avoid running the FVWM fvwm_make_browse_menu.sh script with untrusted input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9922/info

It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execute the file via its filename.

An attacker may be able to leverage this issue to cause arbitrary commands to be executed with the privileges of a victim user.

$ touch 'Exec xmessage "0wn3d"'

Navigation

Suggest Exploit

Services By CQR