Arbitrary Command Execution via Filename Conversion in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06

CVE-2002-0094

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

Learn more about our Web Application Penetration Testing UK.