1 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. git_http_controller.rb en el plugin redmine_git_hosting para Redmine permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en (1) el parámetro servicio a info/refs, relacionado a la función the get_info_refs o (2) el argumento reqfile a la función file_exists. • http://www.sec-1.com/blog/2013/redmine-git-hosting-plugin-remote-command-execution • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •