HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2007-2951

CVSS 9.3v2.0pub. 2007-06-26upd. 2026-04-23

The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.

CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Kvirc Irc Client

    APP
    Kvirc
    3.2.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-1999-1351MEDIUM5.0ten sam produkt

Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" op...

CVE-2010-2451HIGH10.0ten sam vendor

Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact a...

CVE-2010-2452HIGH9.3ten sam vendor

Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to ove...

CVE-2008-7070HIGH9.3ten sam vendor

Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute ar...

CVE-2008-4748HIGH7.6ten sam vendor

Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for process...