oss-sec mailing list archives
CVE Request: Remote Code Execution in Realms Wiki install.sh
From: Javantea <jvoss () altsci com>
Date: Sun, 29 Mar 2015 18:50:25 -0700 (PDT)
Hello, Realms Wiki install.sh is vulnerable to remote code execution. This is unpatched but the author has responded that he intends to fix the bugs when he has the time. At the same time I found a CSRF vulnerability which I asked for a separate CVE for. Product: Realms Wiki Website: http://realms.io/ Github: https://github.com/scragg0x/realms-wiki CVSS Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C) References: [1] http://seclists.org/fulldisclosure/2015/Mar/153 [2] https://twitter.com/scragg0x/status/581602868802682881 Could you allocate a CVE id for this? Thank you and Regards, Javantea.
Current thread:
- CVE Request: Remote Code Execution in Realms Wiki install.sh Javantea (Mar 29)