CVE-2018-1000533
- EPSS 92.43%
- Published 26.06.2018 16:29:01
- Last modified 21.11.2024 03:40:08
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appears to be exploitable via Send POST request ...
CVE-2014-5023
- EPSS 4.06%
- Published 22.07.2014 14:55:10
- Last modified 12.04.2025 10:46:40
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
CVE-2014-4511
- EPSS 84.13%
- Published 22.07.2014 14:55:09
- Last modified 12.04.2025 10:46:40
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stat...
CVE-2013-7392
- EPSS 9.31%
- Published 22.07.2014 14:55:08
- Last modified 12.04.2025 10:46:40
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.