Vulnerabilities > Backintime Project > Backintime > 1.1.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-08 | CVE-2017-16667 | OS Command Injection vulnerability in Backintime Project Backintime backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. | 9.3 |