Uac

1 CVEs product


CVE-2026-40032 HIGH PATCH This Week

Command injection in Unix-like Artifacts Collector (UAC) versions before 3.3.0-rc1 enables arbitrary code execution through unsanitized placeholder substitution in the _run_command() pipeline. The %line%, %user%, and %user_home% placeholders are filled in by foreach iterators and system file parsers, and the resulting command string is passed directly to eval() without input validation, so shell metacharacters in those values are executed. Exploitation requires local access and user interaction but no authentication; injected commands run at the privilege level of the UAC process. No public exploit identified at time of analysis.

Command Injection Uac
NVD GitHub
CVSS 4.0: 8.5
EPSS: 0.0%
