Remote Command Execution

Open kevinhmn opened this issue 2 years ago • 0 comments

I recently stumbled upon CVE-2022-44019 and noticed that the fix implemented for it can be bypassed by using backticks. Backticks are used to execute a subcommand before the main command, as the shell evaluates the expression inside the backticks first.

Dec 07 '23 15:12 kevinhmn