vendor:
Redmine
by:
joernchen
N/A
CVSS
N/A
Arbitrary Command Execution
78
CWE
Product Name: Redmine
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: OSVDB-70090
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2011
Redmine SCM Repository Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.
Mitigation:
No mitigation or remediation for this vulnerability