Lynx 2.8.5, and other versions prior to 2.8.6dev.15, allows remote malicious users to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
university of kansas lynx 2.8.6 |
||
university of kansas lynx 2.8.6_dev13 |
||
university of kansas lynx 2.8.5 |