CVE-2010-0418
chumby_one < 1.0.3 and chumby_classic < 1.7.1 - OS Command Injection
Title source: llmDescription
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.chumby.com/pages/release10mar
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38972
Patch x_refsource_misc
http://www.awe.com/mark/blog/20100305.html
Scores
EPSS
0.0291
EPSS Percentile
85.3%
Details
CWE
CWE-78
Status
published
Products (10)
chumby/chumby_classic
0.9
chumby/chumby_classic
1.1
chumby/chumby_classic
1.2
chumby/chumby_classic
1.4
chumby/chumby_classic
1.5
chumby/chumby_classic
1.6
chumby/chumby_classic
1.7
chumby/chumby_classic
< 1.7.1
chumby/chumby_one
1.0.2
chumby/chumby_one
< 1.0.3
Published
Mar 10, 2010
Tracked Since
Feb 18, 2026