CVE-2018-1000533

CRITICAL NUCLEI

klaussilveira GitList <=0.6 - RCE

Title source: llm

Description

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Kacper Szurek, Shelby Pace · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gitlist_arg_injection.rb

View Code ZIP pw:eip

Nuclei Templates (1)

GitList < 0.6.0 Remote Code Execution

CRITICALby pikpikcu

Shodan: cpe:"cpe:2.3:a:gitlist:gitlist"

References (2)

[Patch, Third Party Advisory] https://github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322

[Exploit, Third Party Advisory] https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html

Scores

CVSS v3 9.8

EPSS 0.9243

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-20

Status published

Affected Products (1)

gitlist/gitlist < 0.6.0

Timeline

Published Jun 26, 2018

Tracked Since Feb 18, 2026