Skip to main content

Gitlist

4 CVEs product

Monthly

CVE-2018-1000533 CRITICAL POC PATCH THREAT Act Now

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Gitlist
NVD GitHub
CVSS 3.1
9.8
EPSS
73.0%
CVE-2014-5023 MEDIUM POC This Month

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gitlist
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-4511 HIGH POC THREAT Act Now

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

Information Disclosure Gitlist
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.6%
Threat
5.6
CVE-2013-7392 HIGH POC This Week

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlist
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
8.7%
EPSS 73% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Gitlist
NVD GitHub
EPSS 4% CVSS 6.8
MEDIUM POC This Month

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gitlist
NVD Exploit-DB
EPSS 87% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

Information Disclosure Gitlist
NVD Exploit-DB
EPSS 9% CVSS 7.5
HIGH POC This Week

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlist
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy