PT-2014-1903 · Kde · Kdirstat
Published 2014-06-15 · Updated 2018-10-30 · CVE-2014-2527
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
KDirStat versions prior to 2.7.5
Description
The issue allows remote attackers to execute arbitrary commands, potentially leading to a breach of confidentiality, integrity, and availability of protected information. In KDirStat 2.7.0, the kcleanup.cpp file does not properly quote strings when deleting a directory. This can be exploited by including a " (double quote) character in the directory name, enabling the execution of arbitrary commands.
Recommendations
For versions prior to 2.7.5, update to version 2.7.5 or later to resolve the issue. As a temporary workaround, consider restricting use of the cleanup functionality implemented in kcleanup.cpp until a patch is available. Avoid directory names that include special characters, such as ", until the issue is resolved.
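An added example in C++ (not KDirStat's code and not the fix shipped in 2.7.5) of how to harden the pattern this advisory describes: a POSIX shell-quoting helper for the case where a command line really must be built, a check that flags directory names which would terminate a double-quoted string, and the preferable argv-based form that avoids the shell entirely. The function names are assumptions of this example.

```cpp
// Added example, not KDirStat's own code. The advisory's root cause is a
// cleanup command assembled by pasting a directory name between double
// quotes, so a '"' inside the name ends the quoted string early.
#include <string>
#include <vector>

// POSIX single-quote escaping: wrap the whole name in '...' and turn every
// embedded ' into '\'' so /bin/sh treats no character of it as syntax.
std::string shellQuote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";   // close, escaped quote, reopen
        else out += c;
    }
    out += "'";
    return out;
}

// Hardened form of a shell-based cleanup command (hypothetical helper).
std::string safeCleanupCommand(const std::string& dir) {
    return "rm -rf " + shellQuote(dir);
}

// Preferred form: no shell at all. The returned argv is what one would hand
// to execvp() or a process API that takes an argument list, so shell
// metacharacters in the name are never parsed. "--" stops option parsing
// for names that begin with '-'.
std::vector<std::string> cleanupArgv(const std::string& dir) {
    return {"rm", "-rf", "--", dir};
}

// Detection helper: characters that remain special inside a double-quoted
// sh string. A name containing any of them could not be safely embedded
// the way the vulnerable code did.
bool breaksDoubleQuotes(const std::string& dir) {
    return dir.find_first_of("\"$`\\") != std::string::npos;
}
```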
Affected Products
Kdirstat
Suse