CVE-2014-6633
HIGHTryton <2.4.15, <2.6.14, <2.8.11, <3.0.7, <3.2.3 - Command Injection
Title source: llmDescription
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.tryton.org/posts/security-release-for-issue4155.html
Issue Tracking x_refsource_confirm
https://bugs.tryton.org/issue4155
Scores
CVSS v3
8.8
EPSS
0.0261
EPSS Percentile
83.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (3)
pypi/tryton
0 - 2.4.15PyPI
pypi/trytond
2.4.0 - 2.4.15PyPI
tryton/tryton
2.4.0 - 2.4.15
Published
Apr 12, 2018
Tracked Since
Feb 18, 2026