vendor:
GitStack
by:
Kacper Szurek, Jacob Robles
9.8
CVSS
CRITICAL
Remote Code Execution
78
CWE
Product Name: GitStack
Affected Version From: 2.3.10
Affected Version To: 2.3.10
Patch Exists: YES
Related CWE: CVE-2018-5955
CPE: a:gitstack:gitstack
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows
2018
GitStack Unsanitized Argument RCE
This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10.
Mitigation:
Upgrade to the latest version of GitStack
