Exploits / Vulnerability Discovered: 2023-04-03
Type: local
Platform: multiple
This exploit / vulnerability, Sleuthkit 4.11.1 command injection, is for educational purposes only; if you use it, you do so at your own risk!
The fls tool is affected by command injection in the "-m" parameter when run
on a Linux system.

An OS command injection vulnerability in the Sleuthkit fls tool 4.11.1 allows
attackers to execute arbitrary commands via a crafted value to the -m
parameter. When it runs on Linux, a user can insert into the -m parameter a
buffer containing backticks with a shell command.
If it runs with a web application as a front end, it can execute commands on
the remote server.
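
For the web front end scenario described above, the following added example (not from the original advisory or from the Sleuthkit code base) contrasts a wrapper that lets a shell parse the -m value with one that passes an argv list and allowlists the value. A Python one-liner stands in for the fls binary so it runs without Sleuthkit installed; the function names, the allowlist pattern and the sample value are assumptions.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the fls binary (assumption, so this runs without Sleuth Kit
# installed): it prints the value it received after -m.
STAND_IN = [sys.executable, "-c",
            "import sys; print(sys.argv[sys.argv.index('-m') + 1])"]

# Assumption: the front end only needs mount-point prefixes like "/" or "C:/".
SAFE_MOUNT = re.compile(r"[A-Za-z0-9_./:-]{1,64}")


def run_via_shell(mount_point, image="image.dd"):
    """Weak pattern: the value is pasted into a string that /bin/sh parses."""
    cmd = f"{shlex.join(STAND_IN)} -r -m {mount_point} {image}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


def run_via_argv(mount_point, image="image.dd"):
    """No shell: each list element reaches the program byte for byte."""
    argv = [*STAND_IN, "-r", "-m", mount_point, image]
    done = subprocess.run(argv, capture_output=True, text=True)
    return done.stdout.strip()


def fls_argv(mount_point, image):
    """Hardened command line for the real tool: allowlist, then argv list."""
    if not SAFE_MOUNT.fullmatch(mount_point):
        raise ValueError(f"rejected -m value: {mount_point!r}")
    if image.startswith("-"):
        raise ValueError("image path must not look like an option")
    return ["fls", "-r", "-m", mount_point, image]


if __name__ == "__main__":
    sample = "`echo INJECTED`"          # constructed, harmless sample value
    print("shell string:", run_via_shell(sample))   # shell ran the backticks
    print("argv list:   ", run_via_argv(sample))    # value stayed literal
    try:
        fls_argv(sample, "image.dd")
    except ValueError as err:
        print("allowlist:   ", err)
```
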
The function affected by the vulnerability is "tsk_fs_fls()" from the
"fls_lib.c" file.