Description
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
Remediation
References
Related Vulnerabilities
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-14209)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-12171)
Jboss EAP Improper Input Validation Vulnerability (CVE-2014-0034)
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)
WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.50)