The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
source: wwwsecurityfocuscom/bid/1469/info
Cvsweb 180 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine The code that is being exploited here is the following: open($fh, "rlog '$filenames' 2>/dev/null |")
An attack ...