Summary
Gitlist is prone to a remote code execution vulnerability.
Impact
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application.
Solution
Update to Gitlist >= 0.5.0
Insight
An anonymous user could execute commands because of a complete lack of input sanitization.
Affected
Gitlist <= 0.4.0
Detection
Send a specially crafted HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-4511
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P