{"id":"CVE-2003-1308","details":"CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.","modified":"2026-04-10T03:36:21.175880Z","published":"2003-12-31T05:00:00Z","references":[{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/9161"},{"type":"FIX","url":"http://www.securityfocus.com/bid/9161"},{"type":"WEB","url":"http://www.fvwm.org/news/"}],"schema_version":"1.7.5"}