admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-51698.md

18 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-51698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51698)
![](https://img.shields.io/static/v1?label=Product&message=atril&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%201.26.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
### Description
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
### POC
#### Reference
Update CVE sources 2024-06-07 17:53
2024-06-07 17:53:02 +00:00
- https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
#### Github
- https://github.com/febinrev/atril_cbt-inject-exploit
Reference in New Issue Copy Permalink