Description
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Remediation
References
Related Vulnerabilities
WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)
WordPress Plugin Advanced AJAX Page Loader Cross-Site Request Forgery (2.7.7)
FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)