EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.
CPE | Name | Operator | Version |
---|---|---|---|
eprints3.4 | eq | 3.4.1-rc2 | |
eprints3.4 | eq | 3.4.2-rc1 | |
eprints3.4 | eq | 3.4.2 | |
eprints3.4 | eq | 3.4.2-rc3 | |
eprints3.4 | eq | 3.4.0 | |
eprints3.4 | eq | 3.4.1 | |
eprints3.4 | eq | 3.4.2-rc2 | |
eprints3.4 | eq | 3.4.0-rc1 |