cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 9 |
| fedoraproject | fedora | 7 |
| jcoppens | cbrpager | * |
| fedoraproject | fedora | 8 |