mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-24 18:40:30 +01:00
843 B
843 B
CVE-2016-6185
Description
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- https://rt.cpan.org/Public/Bug/Display.html?id=115808