Arbitrary Command Execution via Double Quotes in YAMT 0.5's id3tag_sort Function

Arbitrary Command Execution via Double Quotes in YAMT 0.5's id3tag_sort Function

CVE-2004-1302 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.

Learn more about our Web Application Penetration Testing UK.