CVE: CVE-2008-2575

Export to Word

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0099
Percentile: 0.75914

CVSS Scoring

CVSS v2 Score: 6.8

Severity:

Mapped CWE(s)

CWE-78 : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

All CAPEC(s)

CAPEC-108: Command Line Execution through SQL Injection
CAPEC-15: Command Delimiters
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-6: Argument Injection
CAPEC-88: OS Command Injection

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:jcoppens:cbrpager:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

← Back to Home