| Title | statmt mosesdecoder 4.0 RCE |
|---|
| Description | Specific security risks exist here: https://github.com/moses-smt/mosesdecoder/blob/master/contrib/iSenWeb/trans_result.php
the 'echo $value | nc x.x.x.x 1986' Will cause command execution splicing, like this: 'input1=;ls'
Improper user input handling leads to risk of external command execution.
|
|---|
| Source | ⚠️ https://github.com/moses-smt/mosesdecoder/issues/237 |
|---|
| User | ebwill (UID 58930) |
|---|
| Submission | 11/24/2023 08:11 (3 years ago) |
|---|
| Moderation | 11/26/2023 16:16 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 246135 [moses-smt mosesdecoder up to 4.0 trans_result.php input1 os command injection] |
|---|
| Points | 18 |
|---|