Command Injection Vulnerability in mgetty

Command Injection Vulnerability in mgetty

CVE-2018-16741 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.

Learn more about our Web Application Penetration Testing UK.