Potential for arbitrary code execution
ghaspias opened this issue · 0 comments
ghaspias commented
The code in this line is a potential vulnerability, if we load some data file with malicious content...
Line 261 in 0a39346
loadjson('{"root": [dir]}') executes MATLAB code dir...
loadjson('{"root": [system(...)]}') executes system commands!!!
Loading the file below will launch notepad.exe... (remove .log extension)
vuln_test.json.log
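
A defensive pre-check for the behaviour reported above, as an added example that is not part of the original issue or of the project's code: the hypothetical helper `strict_json_tokens` rejects any text whose tokens outside string literals are not JSON numbers, `true`, `false` or `null`, before that text reaches `loadjson`. It is a lexical allowlist only, not a full JSON grammar check, and it assumes MATLAB R2016b or later (local functions in a script).

```matlab
% Added example: lexical allowlist run on untrusted JSON text before parsing.
% strict_json_tokens is a hypothetical helper, not a jsonlab function.

samples = { ...
    '{"root": [1, 2.5e3, true, null]}', ...  % constructed, well-formed input
    '{"root": [dir]}'};                      % input quoted in the report above

for k = 1:numel(samples)
    [ok, bad] = strict_json_tokens(samples{k});
    if ok
        fprintf('accept: %s\n', samples{k});
        % data = loadjson(samples{k});  % hand to the parser only after the check
    else
        fprintf('reject: %s (unexpected token: %s)\n', ...
                samples{k}, strjoin(bad, ' '));
    end
end

function [ok, bad] = strict_json_tokens(txt)
    % Step 1: blank out string literals, honouring backslash escapes, so
    % that text inside quotes is never mistaken for a bare token.
    stripped = regexprep(txt, '"(\\.|[^"\\])*"', ' ');

    % Step 2: split what is left on whitespace and the JSON structural
    % characters [ ] { } , : to obtain the bare tokens. An unterminated
    % string leaves a stray quote inside a token, which fails step 3.
    tokens = regexp(stripped, '[^\s\[\]{},:]+', 'match');

    % Step 3: every bare token must be a JSON number or one of the three
    % JSON literals. Identifiers, parentheses, quotes of the other kind,
    % semicolons and operators all fail this test.
    lit = '^(true|false|null|-?(0|[1-9]\d*)(\.\d+)?([eE][+-]?\d+)?)$';
    bad = tokens(cellfun(@isempty, regexp(tokens, lit, 'once')));
    ok  = isempty(bad);
end
```

The check narrows what an untrusted file can pass to the parser; it does not replace fixing the parser line referenced in the report.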