The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
References
Configurations
History
21 Nov 2024, 01:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578 - | |
References | () http://secunia.com/advisories/35816 - Vendor Advisory | |
References | () http://www.ocert.org/advisories/ocert-2009-010.html - | |
References | () http://www.securityfocus.com/archive/1/504919/100/0/threaded - | |
References | () http://www.vupen.com/english/advisories/2009/1875 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/51795 - |
Information
Published : 2009-07-14 20:30
Updated : 2024-11-21 01:02
NVD link : CVE-2009-1383
Mitre link : CVE-2009-1383
CVE.ORG link : CVE-2009-1383
JSON object : View
Products Affected
forkosh
- mathtex
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')