OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | bscw_classic | ge | 7.4.0 |
| | bscw_classic | lt | 7.4.3 |
| | bscw_classic | ge | 7.3.0 |
| | bscw_classic | lt | 7.3.3 |
| | bscw_classic | ge | 5.2.0 |
| | bscw_classic | lt | 5.2.4 |
| | bscw_classic | ge | 5.1.0 |
| | bscw_classic | lt | 5.1.10 |
| | bscw_classic | lt | 5.0.12 |