7 matches found
CVE-2025-61489
A command injection vulnerability in the shellexec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string...
CVE-2025-61489
A command injection vulnerability in the shellexec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string...
CVE-2025-61489
A command injection vulnerability in the shellexec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string...
PT-2026-1825
Name of the Vulnerable Software and Affected Versions sonirico mcp-shell version 0.3.1 Description A command injection issue exists in the shell exec function. An attacker can execute arbitrary commands by providing a specially crafted command string. The issue affects the shell exec function...
CVE-2025-61489
A command injection vulnerability in the shellexec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string...
mcp-shell 安全漏洞
mcp-shell is a contextual protocol server from Marquitos Personal Developers. A security vulnerability exists in mcp-shell version 0.3.1, which stems from a command injection in the shellexec function that could lead to the execution of arbitrary commands...
CVE-2025-61489
Affects: sonirico mcp-shell v0.3.1. Issue: command injection in the shell_exec function allows an attacker to execute arbitrary commands by supplying a crafted command string. Details across sources confirm the vulnerable component and the root cause as a shell_exec command handling flaw. Impact:...