CVE-2007-2348

CVE-2007-2348 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

Learn more about our User Device Pen Test.