CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and previous versions allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fvwm fvwm |