The safe_eval function in trytond in Tryton prior to 2.4.15, 2.6.x prior to 2.6.14, 2.8.x prior to 2.8.11, 3.0.x prior to 3.0.7, and 3.2.x prior to 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tryton tryton |