CVE-2013-4663

HIGH Year: 2013
CVSS v2 Score
7.5
High
Weakness Type
CWE-77
View all →

Vulnerability Description

git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.

Related Vulnerabilities

CVE-2024-51736

NONE
CVSS:0.0(None)

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it...

CWE-772024

CVE-2015-7541

CRITICAL
CVSS:10.0(Critical)

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metachara...

CWE-772015

CVE-2017-7722

CRITICAL
CVSS:10.0(Critical)

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploitin...

CWE-772017

CVE-2017-7876

CRITICAL
CVSS:10.0(Critical)

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 bui...

CWE-772017

CVE-2018-16462

CRITICAL
CVSS:10.0(Critical)

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

CWE-772018

CVE-2020-27227

CRITICAL
CVSS:10.0(Critical)

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request...

CWE-772020