The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
References
Configurations
History
No history.
Information
Published : 2009-07-14 20:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1383
Mitre link : CVE-2009-1383
CVE.ORG link : CVE-2009-1383
JSON object : View
Products Affected
forkosh
- mathtex
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')