CVE-2014-0468

EPSS 0.18%
Published 26.06.2025 20:39:24
Last modified 06.08.2025 16:34:59
Source security@debian.org
CVE-Watchlists
Login
Open
Login

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that 
the users would have uploaded in their raw SCM repositories (SVN, Git, 
Bzr...). This issue affects fusionforge: before 5.3+20140506.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Fusionforge ≫ Fusionforge Version < 5.3\+20140506.

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html

Broken Link

https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2014-0468

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0468

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0468

EUVD