CVE-2013-4376

x2go_server < 4.0.0.2 - Remote Code Execution via SQLite Wrapper Path

Title source: llm
STIX 2.1

Description

The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.

References (4)

Core 4
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201310-19.xml
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/09/25/11
Vendor Advisory mailing-list x_refsource_mlist
https://lists.berlios.de/pipermail/x2go-announcement/2013-May/000125.html

Scores

EPSS 0.0275
EPSS Percentile 84.4%

Details

CWE
CWE-94
Status published
Products (2)
x2go/x2go_server 4.0.0.0
x2go/x2go_server < 4.0.0.1
Published Dec 09, 2013
Tracked Since Feb 18, 2026