CVE-2010-0934

Name of the Vulnerable Software and Affected Versions Perforce Server version 2008.1

Description The issue allows remote authenticated users with super privileges to execute arbitrary operating-system commands. This is achieved by using a "p4 client" command in conjunction with the form-in trigger script.

Recommendations For Perforce Server version 2008.1, consider restricting access to the triggers functionality to prevent exploitation, and limit the use of the form-in trigger script to necessary cases only. As a temporary workaround, review and restrict the privileges of super users to minimize the risk of arbitrary command execution.