8.5

CVE-2007-6350

EPSS 0.84%
Published 14.12.2007 20:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Scponly ≫ Scponly Version <= 4.6

Scponly ≫ Scponly Version4.2

Scponly ≫ Scponly Version4.3

Scponly ≫ Scponly Version4.4

Scponly ≫ Scponly Version4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.84%	0.725

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148

http://bugs.gentoo.org/show_bug.cgi?id=201726

http://osvdb.org/44137

http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup

http://secunia.com/advisories/28123

Vendor Advisory

http://secunia.com/advisories/28538

Vendor Advisory

http://secunia.com/advisories/28944

Vendor Advisory

http://secunia.com/advisories/28981

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200802-06.xml

http://www.debian.org/security/2008/dsa-1473

http://www.securityfocus.com/bid/26900

http://www.securitytracker.com/id?1019103

http://www.vupen.com/english/advisories/2007/4243

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html

https://nvd.nist.gov/vuln/detail/CVE-2007-6350

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6350

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6350

EUVD