Unrated severityNVD Advisory· Published Dec 14, 2007· Updated Apr 23, 2026

CVE-2007-6350

Description

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

Affected products

Scponly/Scponly5 versions
cpe:2.3:a:scponly:scponly:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:scponly:scponly:*:*:*:*:*:*:*:*range: <=4.6
- cpe:2.3:a:scponly:scponly:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:scponly:scponly:4.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/28123nvdVendor Advisory
secunia.com/advisories/28538nvdVendor Advisory
secunia.com/advisories/28944nvdVendor Advisory
secunia.com/advisories/28981nvdVendor Advisory
www.vupen.com/english/advisories/2007/4243nvdVendor Advisory
bugs.debian.org/cgi-bin/bugreport.cginvd
bugs.gentoo.org/show_bug.cginvd
osvdb.org/44137nvd
scponly.cvs.sourceforge.net/scponly/scponly/SECURITYnvd
security.gentoo.org/glsa/glsa-200802-06.xmlnvd
www.debian.org/security/2008/dsa-1473nvd
www.securityfocus.com/bid/26900nvd
www.securitytracker.com/idnvd
www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000