PT-2005-2724 · Gforge · Gforge

Filippo Spike Morelli

Published

2005-12-31

Updated

2016-10-18

CVE-2005-1752

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Gforge versions prior to 4.0

Description The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in the file name parameter of the viewFile.php file in the scm component.

Recommendations For versions prior to 4.0, consider restricting access to the viewFile.php file until a patch is available. As a temporary workaround, avoid using shell metacharacters in the file name parameter to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1752

Affected Products

Gforge

PT-2005-2724 · Gforge · Gforge

CVE-2005-1752

Related Identifiers

Affected Products

References · 5