Remote attackers could trick users into assisting them in executing arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action (CVE-2016-10081).
{ "section": "core" }
"https://advisories.mageia.org/MGASA-2017-0292.json"