Vulnerability Details CVE-2022-45639
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.7%
CVSS Severity
CVSS v3 Score 7.8
References
- http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html
- http://www.binaryworld.it/
- https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639
- http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html
- http://www.binaryworld.it/
- https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639
Products affected by CVE-2022-45639
-
cpe:2.3:a:sleuthkit:the_sleuth_kit:4.11.1