The unofficial vscode-phpmd (aka PHP Mess Detector) extension prior to 1.3.0 for Visual Studio Code allows remote malicious users to execute arbitrary code via a crafted phpmd.command value in a workspace folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vscode-phpmd project vscode-phpmd |