CVE-2013-7392

Gitlist - Remote Code Execution via Shell Metacharacters in File Name


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-7392.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in Gitlist <= 0.4.0 by crafting a malicious URL path that executes arbitrary commands via the `blame` functionality. The payload is base64-encoded and written to a PHP file in the cache directory, enabling remote code execution.

Description

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name passed to Source/.

Exploits (2)

exploitdb · WORKING POC
python · remote · multiple
https://www.exploit-db.com/exploits/33929

This exploit leverages a command injection vulnerability in Gitlist <= 0.4.0 by crafting a malicious URL path that executes arbitrary commands via the `blame` functionality. The payload is base64-encoded and written to a PHP file in the cache directory, enabling remote code execution.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Gitlist <= 0.4.0
No auth needed
Prerequisites: Target must be running Gitlist <= 0.4.0 · Cache directory must be writable
Analyzed by devstral-2 on Feb 19, 2026
exploitdb · WORKING POC
ruby · remote · multiple
https://www.exploit-db.com/exploits/33990

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Gitlist 0.4.0 by crafting a malicious filename in a blame request, allowing arbitrary command execution.

Classification
Working PoC 100%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Gitlist 0.4.0
No auth needed
Prerequisites: Gitlist 0.4.0 instance accessible via HTTP
Analyzed by devstral-2 on Feb 19, 2026

References (2)

Core References
Issue Tracking (x_refsource_misc)
https://github.com/klaussilveira/gitlist/issues/395

Scores

EPSS 0.0871
EPSS Percentile 92.7%

Details

Status published
Products (1)
gitlist/gitlist
Published Jul 22, 2014
Tracked Since Feb 18, 2026