Unrated severityNVD Advisory· Published Jul 12, 2000· Updated Apr 16, 2026

CVE-2000-0670

Description

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.

Affected products

Cvsweb Developer/Cvsweb
cpe:2.3:a:cvsweb_developer:cvsweb:1.80:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2000-07/0196.htmlnvdExploitPatchVendor Advisory
ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.ascnvd
archives.neohapsis.com/archives/bugtraq/2000-07/0178.htmlnvd
www.securityfocus.com/bid/1469nvd
www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/4925nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000