kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote malicious users to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.1 |
||
kdirstat project kdirstat 2.7.0 |