CVE-2005-0015
sword - missing input sanitising
EPSS 1.1%
Description
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
How to fix CVE-2005-0015
To remediate CVE-2005-0015, upgrade the affected package to one of the fixed versions listed below.
- Debian/sword—upgrade to 1.5.7-7 or later
- Debian/sword—upgrade to 1.5.3-3woody2 or later
Is CVE-2005-0015 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/sword: from 0, < 1.5.7-7
- Debian/sword: from 0, < 1.5.3-3woody2