Posted by Dawid Golunski on Jul 06

GNU Wget < 1.18 Arbitrary File Upload

URL: http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt

CVE-2016-4971

GNU Wget before 1.18 when supplied with a malicious URL (to a malicious or
compromised web server) can be tricked into saving an arbitrary remote file
supplied by an attacker, with arbitrary contents and filename under
the current directory and possibly other directories by writing to .wgetrc….