source: https://www.securityfocus.com/bid/13716/info

GForge is affected by a remote command execution vulnerability.

This issue arises because the application fails to sanitize user-supplied data passed through URI parameters.

An attacker can supply arbitrary shell commands through the affected parameter to be executed in the context of the affected server.

GForge versions prior to 4.0 are vulnerable to this issue.

GET /scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a
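
A log check for the request pattern shown above, as an added example that is not part of the original advisory or of GForge's code: it flags requests to /scm/viewFile.php whose decoded file_name value contains control characters or shell metacharacters. The log lines, the combined log format and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /scm/viewFile.php?group_id=11&file_name=README.txt HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:10:03:40 +0000] "GET /scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2024:10:04:11 +0000] "GET /scm/viewFile.php?group_id=11&file_name=src%2Fmain.c HTTP/1.1" 200 2048',
    '192.0.2.15 - - [01/Jan/2024:10:05:00 +0000] "GET /search.php?words=a;b HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Control characters (including the %0A newline) and shell metacharacters
# that a repository file name has no reason to contain.
SHELL_META_RE = re.compile(r"[\x00-\x1f\x7f;|&`$<>]")


def flagged_file_name(log_line):
    """Return the decoded file_name value if it looks like injection, else None."""
    m = REQUEST_RE.search(log_line)
    if m is None:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/scm/viewfile.php"):
        return None
    # Split on "&" only, so a ";" stays inside the value being inspected.
    for pair in url.query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) != "file_name":
            continue
        value = unquote_plus(raw)
        if SHELL_META_RE.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = flagged_file_name(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious file_name {value!r}")
```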