CVE-2014-0468

Published: Jun 26, 2025Modified: Aug 6, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.

Affected (1)

Products: Fusionforge: Fusionforge

Fusionforge

1 product

Fusionforge

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fusionforge Fusionforge	Before 5.3\+20140506.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html

Source: security@debian.org

Broken Link

https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html

Source: security@debian.org

Mailing ListVendor Advisory

Timeline

No history available yet.