CVE-2008-0932

The SWORD Project Diatheke < 1.5.9 - Remote Command Execution via Range Parameter

Title source: llm
STIX 2.1

Description

diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.

References (13)

Core 13
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29012
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29115
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29181
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25400
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1508
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27874
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0670/references
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-06.xml
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=433723
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27987

Scores

EPSS 0.0290
EPSS Percentile 85.3%

Details

CWE
CWE-20
Status published
Products (2)
the_sword_project/diatheke_front_end < 1.5.9
the_sword_project/sword < 1.5.9
Published Feb 25, 2008
Tracked Since Feb 18, 2026