2 matches found
UBUNTU-CVE-2022-33127
The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...
USN-4505-1 libphp-phpmailer vulnerability
Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...