c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Capi4hylafax | Julian_pawlowski | 01.02.03 (including) | 01.02.03 (including) |