Remote Code Execution in CVSWeb 1.80 via Shell Metacharacters

Remote Code Execution in CVSWeb 1.80 via Shell Metacharacters

CVE-2000-0670 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.

Learn more about our Web App Pen Testing.