CVE-2006-5925
published 2006-11-15

Priority: P349 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 8.05% (94.1th percentile)

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | elinks | < elinks 0.11.1-1.2 (bookworm) | elinks 0.11.1-1.2 (bookworm) |
| debian | links2 | < elinks 0.11.1-1.2 (bookworm) | elinks 0.11.1-1.2 (bookworm) |
| elinks | elinks | | |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| links | links | | |

CVSS provenance

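| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | MEDIUM | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |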