CVE-2012-4548

Severity

60%

Complexity

68%

Confidentiality

106%

Per http://cwe.mitre.org/data/definitions/88.html'CWE-88: Argument Injection or Modification'

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.

Per http://cwe.mitre.org/data/definitions/88.html'CWE-88: Argument Injection or Modification'

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

Type

Lars Hjemli cgit

First reported 12 years ago

2012-11-11 13:00:00

Last updated 7 years ago

2017-08-29 01:32:00

Affected Software

Lars Hjemli cgit 0.1

0.1

Lars Hjemli cgit 0.2

0.2

Lars Hjemli cgit 0.3

0.3

Lars Hjemli cgit 0.4

0.4

Lars Hjemli cgit 0.5

0.5

Lars Hjemli cgit 0.6

0.6

Lars Hjemli cgit 0.6.1

0.6.1

Lars Hjemli cgit 0.6.2

0.6.2

Lars Hjemli cgit 0.6.3

0.6.3

Lars Hjemli cgit 0.7

0.7

Lars Hjemli cgit 0.7.1

0.7.1

Lars Hjemli cgit 0.7.2

0.7.2

Lars Hjemli cgit 0.8

0.8

Lars Hjemli cgit 0.8.1

0.8.1

Lars Hjemli cgit 0.8.1.1

0.8.1.1

Lars Hjemli cgit 0.8.2

0.8.2

Lars Hjemli cgit 0.8.2.1

0.8.2.1

Lars Hjemli cgit 0.8.2.2

0.8.2.2

Lars Hjemli cgit 0.8.3

0.8.3

Lars Hjemli cgit 0.8.3.1

0.8.3.1

Lars Hjemli cgit 0.8.3.2

0.8.3.2

Lars Hjemli cgit 0.8.3.3

0.8.3.3

Lars Hjemli cgit 0.8.3.4

0.8.3.4

Lars Hjemli cgit 0.8.3.5

0.8.3.5

Lars Hjemli cgit 0.9

0.9

Lars Hjemli cgit 0.9.0.1

0.9.0.1

Lars Hjemli cgit 0.9.0.2

0.9.0.2

References

http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd

openSUSE-SU-2012:1421

openSUSE-SU-2012:1422

openSUSE-SU-2012:1460

openSUSE-SU-2012:1461

50734

Vendor Advisory

51167

Vendor Advisory

51222

[oss-security] 20121027 CVE Request: cgit command injection

[oss-security] 20121028 Re: CVE Request: cgit command injection

56315

https://bugzilla.redhat.com/show_bug.cgi?id=870713

cgit-syntaxhighlighting-command-exec(79665)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.