1 results (0.004 seconds)
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2021-28927
https://notcve.org/view.php?id=CVE-2021-28927
07 Apr 2021 — The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. El motor de text-to-speech en libretro RetroArch para Windows versión 1.9.0 pasa la entrada no saneada a PowerShell mediante el archivo platform_win32.c por me... • http://libretro.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •