Vulnerabilities > CVE-2013-7392 - Arbitrary Command Execution vulnerability in GitList

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

gitlist

exploit available

NVD

Published: 2014-07-22

Updated: 2014-07-22

Summary

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. <a href="http://cwe.mitre.org/data/definitions/77.html" target="_blank">CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'</a>

Vulnerable Configurations

Part	Description	Count
Application	Gitlist Gitlist Gitlist -	1

Exploit-Db

description	Gitlist <= 0.4.0 - Remote Code Execution. CVE-2013-7392,CVE-2014-4511,CVE-2014-5023. Remote exploits for multiple platform
file	exploits/multiple/remote/33929.py
id	EDB-ID:33929
last seen	2016-02-03
modified	2014-06-30
platform	multiple
port
published	2014-06-30
reporter	drone
source	https://www.exploit-db.com/download/33929/
title	Gitlist <= 0.4.0 - Remote Code Execution
type	remote

description	Gitlist Unauthenticated Remote Command Execution. CVE-2013-7392,CVE-2014-4511. Remote exploits for multiple platform
file	exploits/multiple/remote/33990.rb
id	EDB-ID:33990
last seen	2016-02-03
modified	2014-07-07
platform	multiple
port	80
published	2014-07-07
reporter	metasploit
source	https://www.exploit-db.com/download/33990/
title	Gitlist Unauthenticated Remote Command Execution
type	remote

Summary

Vulnerable Configurations

Exploit-Db

References