oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: Remote Code Execution in Realms Wiki install.sh

From: Javantea <jvoss () altsci com>
Date: Sun, 29 Mar 2015 18:50:25 -0700 (PDT)
Hello,

Realms Wiki install.sh is vulnerable to remote code execution. This is unpatched but the author has responded that he 
intends to fix the bugs when he has the time. At the same time I found a CSRF vulnerability which I asked for a 
separate CVE for.

Product:  Realms Wiki
Website:  http://realms.io/
Github:   https://github.com/scragg0x/realms-wiki
CVSS Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)

References:
[1] http://seclists.org/fulldisclosure/2015/Mar/153
[2] https://twitter.com/scragg0x/status/581602868802682881

Could you allocate a CVE id for this?

Thank you and Regards, Javantea.
Previous By Date Next
Previous By Thread Next

Current thread: