CVE-2013-4663
redmine_git_hosting_plugin - Remote Command Execution via Shell Metacharacters in Service Parameter or Reqfile Argument
Title source: llmDescription
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://www.sec-1.com/blog/2013/redmine-git-hosting-plugin-remote-command-execution
Scores
EPSS
0.0194
EPSS Percentile
77.6%
Details
CWE
CWE-77
Status
published
Products (1)
redmine/redmine_git_hosting_plugin
Published
Dec 28, 2014
Tracked Since
Feb 18, 2026