9 matches found
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
Bypass to Remote Command Execution in uploading repository file
Description I find a bypass for CVE-2022-0415 and previous fixs. In the fix of CVE-2022-0415, gogs filter /.git/ by strings.HasSuffix and strings.Contains. However, use /.Git/ can bypass this and upload successfully Proof of Concept Create a repository in Gogs, upload a file config to the...
Gogs File Upload Command Injection (CVE-2022-0415)
A command injection vulnerability exists in Gogs File Upload. Successful exploitation of this vulnerability could result in code execution on the affected system...
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415 Remote Command Execution in uploading repository file in gogs/gogs
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415 Remote Command Execution in uploading repository file in gogs/gogs
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415
Gogs (Go Git Service) before version 0.12.6 is vulnerable to Remote Command Execution via uploading a repository file. The issue allows an attacker to execute arbitrary commands on the server through the repository upload process in gogs/gogs, potentially leading to full system compromise. The fi...