User-Assisted Code Execution Vulnerability in Newsbeuter Bookmarking Function

User-Assisted Code Execution Vulnerability in Newsbeuter Bookmarking Function

CVE-2017-12904 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

Learn more about our User Device Pen Test.