OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-48503 | OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 02 Apr 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-04-02T14:57:34.486Z
Reserved: 2022-11-21T00:00:00.000Z
Link: CVE-2022-45639
Updated: 2024-08-03T14:17:03.789Z
Status : Modified
Published: 2023-01-24T02:15:09.817
Modified: 2025-04-02T15:15:47.780
Link: CVE-2022-45639
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD