yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00191 Percentile:
0.41372
CVSS Scoring
CVSS v2 Score: 7.2
Severity:
Mapped CWE(s)
CWE-78
: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
All CAPEC(s)
CAPEC-108: Command Line Execution through SQL Injection