CVE-2018-5955

CRITICAL

GitStack <2.3.10 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2018-5955. PoCs published by Metasploit, SecuriTeam, YagamiiLight, including Metasploit module auxiliary/admin/http/gitstack_rest.

AI-analyzed exploit summary This Metasploit module exploits CVE-2018-5955, an unsanitized argument vulnerability in GitStack through v2.3.10, allowing remote code execution via command injection in the web interface. It automates the exploitation process, including repository and user management.

Description

An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/44356

This Metasploit module exploits CVE-2018-5955, an unsanitized argument vulnerability in GitStack through v2.3.10, allowing remote code execution via command injection in the web interface. It automates the exploitation process, including repository and user management.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitStack <= 2.3.10
No auth needed
Prerequisites: Network access to GitStack web interface · Web interface enabled or ability to enable it
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by SecuriTeam · webappsphp
https://www.exploit-db.com/exploits/44044

This exploit demonstrates an unauthenticated remote code execution vulnerability in GitStack by adding a user, enabling web repository access, creating a repository, and uploading a PHP backdoor to execute arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitStack (version not specified)
No auth needed
Prerequisites: Network access to the GitStack server · GitStack web interface must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 647 stars
by YagamiiLight · poc
https://github.com/YagamiiLight/Cerberus

Cerberus is a vulnerability scanner that performs batch scanning for various vulnerabilities including SQLi, XSS, command injection, and middleware-specific CVEs like CVE-2018-5955. It includes features like subdomain enumeration, WAF detection, and proxy rotation.

Classification
Scanner 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Multiple (ThinkPHP, WebLogic, etc.)
No auth needed
Prerequisites: Target URL or file with targets · Optional: Proxy, Cookie, or middleware type
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 10 stars
by MikeTheHash · poc
https://github.com/MikeTheHash/CVE-2018-5955

This is a Python3 exploit for CVE-2018-5955, targeting GitStack 2.3.10 with unauthenticated RCE via PHP backdoor creation. It includes OS detection and reverse shell functionality.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitStack 2.3.10
No auth needed
Prerequisites: Network access to target · GitStack web interface exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by QianliZLP · poc
https://github.com/QianliZLP/GitStackRCE

This Python script exploits CVE-2018-5955, a remote command execution vulnerability in GitStack <= 2.3.10. It automates user creation, repository setup, and payload delivery via HTTP Basic Auth to achieve RCE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitStack <= 2.3.10
Auth required
Prerequisites: Network access to GitStack web interface · Ability to create users/repositories or existing writable repository
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Kacper Szurek, Jacob Robles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/gitstack_rest.rb

This Metasploit module exploits unauthenticated REST API endpoints in GitStack through v2.3.10 to list users, repositories, create users, and manage repository access. It demonstrates authentication bypass and unauthorized user management.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: GitStack through v2.3.10
No auth needed
Prerequisites: Network access to GitStack REST API
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Kacper Szurek, Jacob Robles · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/gitstack_rce.rb

This Metasploit module exploits an unsanitized argument vulnerability in GitStack through v2.3.10, allowing remote code execution via command injection in the authentication header. It automates the exploitation process, including repository and user management.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GitStack <= v2.3.10
No auth needed
Prerequisites: Network access to the GitStack web interface · Web interface enabled or ability to enable it
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3557
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44356/

Scores

CVSS v3 9.8
EPSS 0.8657
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
smartmobilesoftware/gitstack < 2.3.10
Published Jan 21, 2018
Tracked Since Feb 18, 2026