
The Codefever has a Remote Command Execute Vulnerability In latest version #189

Closed · Boogipop opened this issue Dec 5, 2023 · 1 comment · Fixed by #190

Comments

@Boogipop

Boogipop commented Dec 5, 2023

Vul Path

/application/controllers/reposity.php
/application/controllers/repository_model.php

Exploit Reproduction

Attackers can gain shell access to the server by creating a custom email account.
First, register a malicious account.
Then, we just need to create a repository group and a repository.
Next, access the "Create Merge Request" interface.
Ultimately, the malicious code is executed.
We can get a reverse shell finally.

Vul Point

Useless regex pattern leads to RCE.
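The report above only states that a weak regex on the email field lets a crafted address reach a shell command. As an added illustration (not CodeFever's own code; every function name, the `$repoDir` argument and the sample inputs are hypothetical or constructed), the block below shows the defensive pattern a fix would use: an anchored, conservative validation of the email before it is accepted, plus `escapeshellarg()` on every user-controlled value so that validation is not the only barrier between the input and the shell. It assumes the address is later written with `git config user.email`, which is the usual reason a hosting application touches a user's email from a shell.

```php
<?php
// Added example, not project code: validate and escape a user-supplied e-mail
// before it can reach a shell command. Function names are hypothetical.

declare(strict_types=1);

/**
 * Return true only for addresses that are safe to hand to a shell command.
 * filter_var() applies PHP's built-in e-mail check; the anchored pattern then
 * limits the address to a conservative character set, so shell metacharacters
 * (; | & ` $ ( ) quotes, spaces, newlines) can never get through.
 */
function isSafeEmail(string $email): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // \A and \z anchor the whole string; a bare ^/$ pair would still accept a
    // trailing newline, which is exactly the kind of gap a weak regex leaves.
    return preg_match('/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/', $email) === 1;
}

/**
 * Build the git command with every user-controlled value wrapped by
 * escapeshellarg(), so even a value that somehow passed validation is seen by
 * the shell as one literal argument. $repoDir is assumed to be a trusted path.
 */
function buildGitConfigCommand(string $repoDir, string $email): string
{
    if (!isSafeEmail($email)) {
        throw new InvalidArgumentException('rejected e-mail address');
    }
    return 'git -C ' . escapeshellarg($repoDir)
         . ' config user.email ' . escapeshellarg($email);
}

// Constructed sample inputs: one valid address and a few that carry shell
// metacharacters or a trailing newline, all of which must be rejected.
$samples = [
    'dev@example.com'             => true,
    'dev@example.com; echo x'     => false,
    "dev@example.com\n"           => false,
    'dev@example.com`echo x`'     => false,
    '$(echo x)@example.com'       => false,
];
foreach ($samples as $input => $expected) {
    $verdict = isSafeEmail($input) === $expected ? 'ok' : 'MISMATCH';
    printf("%-32s %s\n", json_encode($input), $verdict);
}
echo buildGitConfigCommand('/srv/repos/demo.git', 'dev@example.com'), "\n";
```

The two layers are deliberate: validation keeps the data model clean, while `escapeshellarg()` protects the command even if the validation is later loosened. Where the PHP version allows it, passing an argument array to `proc_open()` avoids the shell altogether and is the stronger option.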

@Boogipop Boogipop changed the title The Codefeve has a Remote Command Execute Vulnerability In latest version The Codefever has a Remote Command Execute Vulnerability In latest version Dec 5, 2023
@cubicwork (Contributor)

@Boogipop thanks for the warning, and we will fix this issue soon.
