Arbitrary Command Execution via URL in Canto Curses

Arbitrary Command Execution via URL in Canto Curses

CVE-2013-7416 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.

Learn more about our Cis Benchmark Audit For Server Software.