CVE-2024-32487

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-96
View all →

Vulnerability Description

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

Related Vulnerabilities

CVE-2015-2079

HIGH
CVSS:8.8(High)

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

CWE-962015

CVE-2022-43938

HIGH
CVSS:8.8(High)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prp...

CWE-962022

CVE-2024-55662

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user ca...

CWE-962024

CVE-2024-55877

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by addi...

CWE-962024

CVE-2022-0895

HIGH
CVSS:7.7(High)

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CWE-962022

CVE-2024-13265

HIGH
CVSS:7.5(High)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning...

CWE-962024