The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username.
Tattle contains a flaw that may allow a remote attacker to execute arbitrary commands. The flaw exists because the 'getemails()' function does not validate certain log information before it is used in a shell expression. It is possible that the flaw may allow a remote attacker to execute arbitrary commands, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
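The class of flaw described above, shown as an added example that is not Tattle's code: a log field reaches a shell command string unvalidated, next to a hardened form that validates the field and passes it as an argument vector with no shell. The log format, the function names and the use of `echo` as a stand-in for the external tool are all assumptions made for illustration.

```python
import re
import subprocess

# Constructed sample log lines (not from Tattle or any real system).
SAMPLE_LINES = [
    "ftpd[411]: FTP LOGIN FAILED user=alice from 192.0.2.10",
    "ftpd[412]: FTP LOGIN FAILED user=x$(echo INJECTED) from 192.0.2.11",
]

# Hypothetical log format: the username is whatever the client sent.
FIELD_RE = re.compile(r"user=(.*) from (\S+)$")
# Allowlist for any value that will be handed to another program.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def extract_user(line):
    """Return the remotely controlled username field, or None."""
    m = FIELD_RE.search(line)
    return m.group(1) if m else None


def lookup_unsafe(value):
    """Flawed pattern: log data interpolated into a shell command string."""
    # 'echo' stands in for whatever external tool the script would call.
    proc = subprocess.run("echo lookup " + value, shell=True,
                          capture_output=True, text=True)
    return proc.stdout.strip()


def lookup_safe(value, validate=True):
    """Hardened pattern: allowlist check, then an argv list with no shell."""
    if validate and not SAFE_VALUE.fullmatch(value):
        return None  # skip the entry instead of running anything
    proc = subprocess.run(["echo", "lookup", value],
                          capture_output=True, text=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        user = extract_user(line)
        print(repr(user))
        print("  shell string :", lookup_unsafe(user))
        print("  argv, no check:", lookup_safe(user, validate=False))
        print("  argv + check :", lookup_safe(user))
```

With the second constructed line, the shell-string form prints `lookup xINJECTED` because the shell evaluated part of the field, while the argv form keeps the field as literal data and the validated form refuses it outright.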