Vulnerability Details : CVE-2018-1000533
Public exploit exists!
klaussilveira GitList version <= 0.6 contains a vulnerability in the `searchTree` function, which passes incorrectly sanitized input to a system function, and this can result in execution of any code as the PHP user. This attack appears to be exploitable by sending a POST request using the search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.
Vulnerability category: Input validation
Products affected by CVE-2018-1000533
- cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000533
- EPSS score: 97.24% (probability of exploitation activity in the next 30 days)
- Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2018-1000533
- GitList v0.6.0 Argument Injection Vulnerability
  Disclosure Date: 2018-04-26
  First seen: 2020-04-26
  Module: exploit/multi/http/gitlist_arg_injection
  This module exploits an argument injection vulnerability in GitList v0.6.0. The vulnerability arises from GitList improperly validating input using the PHP function 'escapeshellarg'.
  Authors: Kacper Szurek, Shelby Pace
CVSS scores for CVE-2018-1000533
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-1000533
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000533
- https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
  Exploit/bypass PHP escapeshellarg/escapeshellcmd functions · security.szurek.pl
  Tags: Exploit; Third Party Advisory
- https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322
  Fixed RCE in git grep. · klaussilveira/gitlist@87b8c26 · GitHub
  Tags: Patch; Third Party Advisory