CVE-2018-18649

CRITICAL

GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Remote Code Execution via Wiki API


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18649. PoCs published by Snowming04.

AI-analyzed exploit summary: This PoC exploits CVE-2018-18649, a remote command execution vulnerability in GitLab's Wiki API. It allows an attacker to either read arbitrary files or execute a reverse shell by manipulating the file upload functionality.

Description

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

Exploits (1)

nomisec · Working PoC · 4 stars
by Snowming04 · PoC
https://github.com/Snowming04/CVE-2018-18649


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: GitLab (versions affected by CVE-2018-18649)
Authentication: required
Prerequisites: Valid private token with sufficient privileges · Network access to the target GitLab instance
Analyzed by devstral-2 on Feb 16, 2026

References

Vendor Advisory (x_refsource_confirm; link currently broken): https://gitlab.com/gitlab-org/gitlab-ce/issues/53072

Scores

CVSS v3: 9.8
EPSS: 0.0673 (percentile 93.1%)
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status: published
Products (1): gitlab/gitlab 11.3.0 - 11.3.8 (2 CPE variants)
Published: Nov 29, 2018
Tracked Since: Feb 18, 2026