Description
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)
Moodle Improper Privilege Management Vulnerability (CVE-2018-1134)
Oracle Database Server CVE-2010-2391 Vulnerability (CVE-2010-2391)
WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1)