Arbitrary Command Execution via Filename Conversion in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06

Arbitrary Command Execution via Filename Conversion in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06

CVE-2002-0094 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

Learn more about our Web Application Penetration Testing UK.