Vulnerabilities > CVE-2014-5023 - Unspecified vulnerability in Gitlist

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gitlist

exploit available

NVD

Published: 2014-07-22

Updated: 2024-11-21

Summary

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.

Vulnerable Configurations

Part	Description	Count
Application	Gitlist Gitlist Gitlist -	1

Exploit-Db

description	Gitlist <= 0.4.0 - Remote Code Execution. CVE-2013-7392,CVE-2014-4511,CVE-2014-5023. Remote exploits for multiple platform
file	exploits/multiple/remote/33929.py
id	EDB-ID:33929
last seen	2016-02-03
modified	2014-06-30
platform	multiple
port
published	2014-06-30
reporter	drone
source	https://www.exploit-db.com/download/33929/
title	Gitlist <= 0.4.0 - Remote Code Execution
type	remote

Summary

Vulnerable Configurations

Exploit-Db

References