PT-2012-6007 · Weechat

Flashcode

Published: 2012-12-03 · Updated: 2014-02-07 · CVE-2012-5534

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WeeChat versions 0.3.0 through 0.3.9.1

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to shell expansion, by exploiting the hook process function in the plugin API.

Recommendations

For WeeChat versions 0.3.0 through 0.3.9.1, consider disabling the hook process function until a patch is available to prevent exploitation. Restrict access to plugins that utilize the hook process function to minimize the risk of arbitrary command execution. Avoid using shell metacharacters in commands from plugins to reduce the risk of shell expansion issues.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2012-5534
DSA-2598-1
OPENSUSE-SU-2013_0150-1

Affected Products

Suse
Weechat