Vendor: GForge
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote Command Execution
CWE: 78
Product Name: GForge
Affected Version From: Prior to 4.0
Affected Version To: Prior to 4.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

GForge Remote Command Execution Vulnerability

GForge is affected by a remote command execution vulnerability. This issue arises because the application fails to sanitize user-supplied data passed through URI parameters. An attacker can supply arbitrary shell commands through the affected parameter to be executed in the context of the affected server.

Mitigation:

Validate and sanitize user-supplied data passed through URI parameters before the application uses it.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13716/info

GForge is affected by a remote command execution vulnerability.

This issue arises because the application fails to sanitize user-supplied data passed through URI parameters.

An attacker can supply arbitrary shell commands through the affected parameter to be executed in the context of the affected server.

GForge versions prior to 4.0 are vulnerable to this issue. 

GET /scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a
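
The input validation named under Mitigation, shown as an added example that is not GForge's code or part of the original advisory: an allowlist check for the file_name parameter, applied to access-log lines to flag requests like the one above. The allowed character set, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist for a repository-relative path: letters, digits, "_", "-", ".", "/".
SAFE_NAME = re.compile(r"[A-Za-z0-9_./-]{1,255}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+)')


def is_safe_file_name(value):
    """Allowlist check: reject anything outside the expected path characters."""
    # fullmatch (unlike a "$" anchor) also rejects a trailing newline.
    if not SAFE_NAME.fullmatch(value):
        return False
    # Refuse absolute paths and parent-directory segments.
    return not value.startswith("/") and ".." not in value.split("/")


def suspicious_requests(log_lines):
    """Return (line_number, decoded file_name) for viewFile.php requests that fail the check."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/scm/viewFile.php"):
            continue
        # parse_qs percent-decodes, so %0A becomes a literal newline here.
        for value in parse_qs(url.query, keep_blank_values=True).get("file_name", []):
            if not is_safe_file_name(value):
                hits.append((number, value))
    return hits


# Constructed access-log lines; the second carries the request quoted on this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/May/2005:10:00:01 +0000] "GET /scm/viewFile.php?group_id=11&file_name=src/README HTTP/1.0" 200 512',
    '192.0.2.77 - - [20/May/2005:10:00:09 +0000] "GET /scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a HTTP/1.0" 200 731',
    '192.0.2.10 - - [20/May/2005:10:00:15 +0000] "GET /project/?group_id=11 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: rejected file_name {value!r}")
```

The same allowlist belongs in the request handler itself, so a value that fails it is rejected before it reaches any command; the log scan only finds requests after the fact.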