The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
Software | From | Fixed in |
---|---|---|
chumby / chumby_one | - | 1.0.3.x |
chumby / chumby_one | 1.0.2 | 1.0.2.x |
chumby / chumby_classic | - | 1.7.1.x |
chumby / chumby_classic | 0.9 | 0.9.x |
chumby / chumby_classic | 1.1 | 1.1.x |
chumby / chumby_classic | 1.2 | 1.2.x |
chumby / chumby_classic | 1.4 | 1.4.x |
chumby / chumby_classic | 1.5 | 1.5.x |
chumby / chumby_classic | 1.6 | 1.6.x |
chumby / chumby_classic | 1.7 | 1.7.x |