The Battle for Wesnoth Project version 1.7.0 up to and including 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wesnoth the battle for wesnoth |