PT-2019-6893 · Fileutil · Fileutils

Larry W. Cashdollar

Published

2019-02-15

Updated

2022-05-14

CVE-2013-2516

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fileutils versions prior to 0.7.1

Description The issue concerns a Command Injection vulnerability. It occurs when a user-supplied url variable is passed to the shell, allowing for potential command injection.

Recommendations For versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of user-supplied url variables in the affected function until a patch is available. Avoid using the url variable in the affected API endpoint until the issue is resolved.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2013-2516

GHSA-9X97-X2P9-HVPF

Affected Products

Fileutils

PT-2019-6893 · Fileutil · Fileutils

CVE-2013-2516

Weakness Enumeration

Related Identifiers

Affected Products

References · 8