im-metadata up to and including 3.0.1 allows remote malicious users to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dnt im-metadata |