CVE-2018-1000533

Name of the Vulnerable Software and Affected Versions GitList versions <= 0.6

Description The issue arises from incorrectly sanitized input being passed to a system function in the searchTree function, allowing execution of arbitrary code as the PHP user. This can be exploited by sending a POST request using the search form.

Recommendations For GitList versions <= 0.6, update to version 0.7 or later to resolve the issue. As a temporary workaround, consider disabling the searchTree function until a patch is available. Restrict access to the search form to minimize the risk of exploitation.