CVE-2015-7698

Name of the Vulnerable Software and Affected Versions icewind1991 SMB versions prior to 1.0.3

Description The issue exists due to the lack of neutralization of special elements used in operating system commands. This allows a remote attacker to execute arbitrary SMB commands using special metacharacters in user arguments. Specifically, the listShares function in Server.php and the connect or read functions in Share.php are vulnerable to shell metacharacters in the user argument.

Recommendations For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the listShares function in Server.php and the connect or read functions in Share.php to minimize the risk of exploitation. Avoid using metacharacters in the user argument in the affected API endpoints until the issue is resolved.