Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2014-5023

Published: 22/07/2014 Updated: 22/07/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Gitlist

Vulnerability Summary

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.

Vulnerable Product Search on Vulmon Subscribe to Product

gitlist gitlist -

Exploits

Exploit DB: Gitlist 0.4.0 - Remote Code Execution
from commands import getoutput import urllib import sys """ Exploit Title: Gitlist <= 040 anonymous RCE Date: 06/20/2014 Author: drone (@dronesec) Vendor Homepage: gitlistorg/ Software link: s3amazonawscom/gitlist/gitlist-040targz Version: <= 040 Fixed in: 050 Tested on: Debian 7 More information: hatriot ...

References

NVD-CWE-Otherhttp://hatriot.github.io/blog/2014/06/29/gitlist-rce/https://nvd.nist.govhttps://www.exploit-db.com/exploits/33929/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook