Description
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
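The class of fix for this issue is to escape non-printable bytes before request data reaches the log file. The following C sketch is an added example, not Cherokee's actual patch; the function name `log_escape` and the sample header value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Cherokee's code): copy `in` to `out`, rewriting
 * every byte outside printable ASCII, and the backslash itself, as \xNN so
 * the log line carries no terminal control bytes and stays unambiguous.
 * Returns bytes written (excluding the NUL), or -1 if `out` is too small. */
long log_escape(const unsigned char *in, size_t in_len, char *out, size_t out_cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_cap == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        int printable = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = printable ? 1 : 4;

        if (o + need > out_cap - 1)      /* always keep room for the NUL */
            return -1;
        if (printable) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed header value: ESC (0x1b), CR and LF inside a User-Agent. */
    static const unsigned char ua[] = "curl/7\x1b[31m\r\nfake";
    char line[128];

    if (log_escape(ua, sizeof ua - 1, line, sizeof line) < 0)
        return 1;                        /* refuse to log a truncated value */
    printf("User-Agent: %s\n", line);
    return 0;
}
```

Escaping CR and LF along with ESC also keeps a single request from forging extra log lines.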
Remediation
References