sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x prior to 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ioquake3 ioquake3_engine |
||
worldofpadman world_of_padman 1.5 |
||
openarena openarena 0.8.x-15 |
||
openarena openarena 0.8.x-16 |