CVE-2005-1752
Gforge - Remote Code Execution via scm viewFile.php file_name Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-1752. PoCs published by Filippo Spike Morelli.
AI-analyzed exploit summary: The exploit demonstrates a command injection vulnerability in GForge by passing arbitrary shell commands via the 'file_name' URI parameter. The payload executes 'uname -a', 'id', and 'w' commands to confirm remote code execution.
Description
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.