CVE-2010-2445

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
08/07/2010
Last modified:
11/04/2025

Description

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:freeciv:freeciv:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:freeciv:freeciv:2.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:freeciv:freeciv:2.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:freeciv:freeciv:2.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:freeciv:freeciv:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:freeciv:freeciv:2.3.0:dev:*:*:*:*:*:*