SQL Injection in Debian Lintian
CVE-2009-4015
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
Vulnerability class: SQL Injection
EPSS: 0.039 (89.0th percentile) — read the EPSS interpretation.
Affected products
- Debian Lintian — versions 1.24.0, 1.23.22, 1.23.8
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)