The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-23T19:46:41
Updated: 2024-08-04T13:15:20.602Z
Reserved: 2020-07-01T00:00:00
Link: CVE-2020-15477
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-23T20:15:11.693
Modified: 2024-11-21T05:05:35.690
Link: CVE-2020-15477
Redhat
No data.