CVE-2010-2246
feh < 1.8 - Remote Code Execution via URL Shell Metacharacters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-2246. PoCs published by anonymous.
AI-analyzed exploit summary The exploit leverages a command injection vulnerability in feh via the --wget-timestamp option, allowing arbitrary command execution by embedding shell commands in the URL. The provided example demonstrates creating a file 'lol_hax' through command injection.
Description
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Exploits (1)
The exploit leverages a command injection vulnerability in feh via the --wget-timestamp option, allowing arbitrary command execution by embedding shell commands in the URL. The provided example demonstrates creating a file 'lol_hax' through command injection.