Описание
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.4.0 (включая)
Одно из
cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlist:gitlist:0.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlist:gitlist:0.2:*:*:*:*:*:*:*
cpe:2.3:a:gitlist:gitlist:0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.84126
Высокий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 11 лет назад
Gitlist before 0.5.0 allows remote attackers to execute arbitrary comm ...
github
больше 3 лет назад
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
EPSS
Процентиль: 99%
0.84126
Высокий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other