CVE-2014-4511 in Gitlist

Summary

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

Reservation

06/22/2014

Disclosure

07/22/2014

CPE

ready

Exploit

Download

CVSS

7.3

EPSS

0.86623

Activities

Very Low
