Description
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by auto22238 · text · local · linux
https://www.exploit-db.com/exploits/23414
References (2)
Core References
Various Sources x_refsource_confirm
http://www.fvwm.org/news/
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9161
Scores
EPSS
0.0059
EPSS Percentile
69.3%
Details
Status
published
Products (1)
fvwm/fvwm
< 2.4.17
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026