CVE-2010-0418

chumby_one < 1.0.3 and chumby_classic < 1.7.1 - OS Command Injection

Title source: llm
STIX 2.1

Description

The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.chumby.com/pages/release10mar
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38972

Scores

EPSS 0.0291
EPSS Percentile 85.3%

Details

CWE
CWE-78
Status published
Products (10)
chumby/chumby_classic 0.9
chumby/chumby_classic 1.1
chumby/chumby_classic 1.2
chumby/chumby_classic 1.4
chumby/chumby_classic 1.5
chumby/chumby_classic 1.6
chumby/chumby_classic 1.7
chumby/chumby_classic < 1.7.1
chumby/chumby_one 1.0.2
chumby/chumby_one < 1.0.3
Published Mar 10, 2010
Tracked Since Feb 18, 2026