CVE-2007-0246

NameCVE-2007-0246
Descriptionplugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1297-1
NVD severitymedium (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gforge-plugin-scmcvssource(unstable)4.5.14-6medium
gforge-plugin-scmcvssourceetch4.5.14-5etch1mediumDSA-1297-1

Search for package or bug name: Reporting problems