VYPR
Unrated severityNVD Advisory· Published May 29, 2007· Updated Jun 16, 2026

CVE-2007-0246

CVE-2007-0246

Description

plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.

Affected products

3
  • GForge/Gforge2 versions
    cpe:2.3:a:gforge:gforge:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gforge:gforge:*:*:*:*:*:*:*:*range: <=4.5.16
    • (no CPE)range: <=4.5.16 before 20070524
  • GForge/CVSWebllm-create
    Range: <=4.5.16 before 20070524

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.