CVE-2013-7392

This exploit leverages a command injection vulnerability in Gitlist <= 0.4.0 by crafting a malicious URL path that executes arbitrary commands via the `blame` functionality. The payload is base64-encoded and written to a PHP file in the cache directory, enabling remote code execution.

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Gitlist 0.4.0 by crafting a malicious filename in a blame request, allowing arbitrary command execution.