WeeChat 'hook_process()' Function Remote Shell Command Injection Vulnerability

WeeChat is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

Versions prior to WeeChat 0.3.9.2 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus