CVE-2010-0394 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2010-0394
Status Candidate
Description PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.
Severity Medium
CVSS score 6,8
CVSS vector (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Phase Assigned (10.02.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0394
References BID : 38076
CONFIRM : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
DEBIAN : DSA-1990
OSVDB : 62147
SECUNIA : 38325
XF : tracgit-command-execution(56105)
SecurityVulns: Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

test server