Description

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.

Related CPE's

a

fusionforge

fusionforge

Vulnerable

References

http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html

Broken Link

https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html

Mailing ListVendor Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-06-26T21:15:27.527

5 months ago

Last modified

2025-08-06T16:34:59.133

4 months ago