Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote malicious users to execute arbitrary commands via a crafted file name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
midnight-commander midnight commander 4.8.5 |