CyberSec.Space Logo
Back to CVE Browser

CVE-2014-6633

HIGH
8.8
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile5.86th
PublishedApr 12, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.

Affected Platforms (CPE)

πŸ“¦
Tryton

Tryton

>= 2.4.0 and < 2.4.15
πŸ“¦
Tryton

Tryton

>= 2.6.0 and < 2.6.14
πŸ“¦
Tryton

Tryton

>= 2.8.0 and < 2.8.11
πŸ“¦
Tryton

Tryton

>= 3.0.0 and < 3.0.7
πŸ“¦
Tryton

Tryton

>= 3.2.0 and < 3.2.3

References & Advisories

πŸ”— http://www.tryton.org/posts/security-release-for-issue4155.html
πŸ”— https://bugs.tryton.org/issue4155
πŸ”— http://www.tryton.org/posts/security-release-for-issue4155.html
πŸ”— https://bugs.tryton.org/issue4155

Related Vulnerabilities

CVE-2013-45107.8

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers...

CVE-2019-108686.5

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 bef...

CVE-2020-370146.4

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to...

CVE-2018-194435.9

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circum...