Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.
Analysis
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.
Technical ContextAI
Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server. This vulnerability is classified as Unrestricted Upload of File with Dangerous Type (CWE-434).
RemediationAI
Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.
More in Fusionforge
View allThe Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parame
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_
Same technique File Upload
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| precise | ignored | end of life |
| trusty | DNE | - |
| upstream | released | 5.3+20140506-1 |
| vivid | DNE | - |
| wily | not-affected | 6.0.2+20150708-1 |
| xenial | not-affected | 6.0.2+20150708-1 |
| yakkety | not-affected | 6.0.2+20150708-1 |
| zesty | not-affected | 6.0.2+20150708-1 |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| squeeze | fixed | (unfixed) | end-of-life |
| (unstable) | fixed | 5.3+20140506-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2014-0506