Arbitrary Command Execution Vulnerability in C.J. Steele Tattle's getemails Function

Arbitrary Command Execution Vulnerability in C.J. Steele Tattle's getemails Function

CVE-2005-1960 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username.

Learn more about our User Device Pen Test.