The hook_process function in the plugin API for WeeChat 0.3.0 up to and including 0.3.9.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flashtux weechat 0.3.9 |
||
flashtux weechat 0.3.1 |
||
flashtux weechat 0.3.2 |
||
flashtux weechat 0.3.9.1 |
||
flashtux weechat 0.3.4 |
||
flashtux weechat 0.3.0 |
||
flashtux weechat 0.3.1.1 |
||
flashtux weechat 0.3.7 |
||
flashtux weechat 0.3.8 |
||
flashtux weechat 0.3.6 |
||
flashtux weechat 0.3.3 |