Improper input validation in Gentoo Xdg-utils
CVE-2008-0386
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.032 (86.4th percentile) — read the EPSS interpretation.
Affected products
- Gentoo Xdg-utils
- Mandrakesoft Mandrake_linux — versions 2007.1, 2008.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Broken Link)
- cve@mitre.org (x_refsource_CONFIRM, Exploit)
- cve@mitre.org (URL Repurposed, x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Exploit)
- cve@mitre.org (Third Party Advisory, vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Exploit)
- cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)