### [CVE-2018-5955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5955)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.

### POC

#### Reference
- https://www.exploit-db.com/exploits/44356/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/0xaniketB/TryHackMe-Wreath
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite
- https://github.com/991688344/2020-shixun
- https://github.com/ARPSyndicate/cvemon
- https://github.com/HattMobb/Wreath-Network-Pen-Test
- https://github.com/MikeTheHash/CVE-2018-5955
- https://github.com/YagamiiLight/Cerberus
- https://github.com/anquanscan/sec-tools
- https://github.com/b0bac/GitStackRCE
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/merlinepedra/CERBERUS-SHELL
- https://github.com/merlinepedra25/CERBERUS-SHELL
- https://github.com/popmedd/ukiwi
- https://github.com/snix0/GitStack-RCE-Exploit-Shell
- https://github.com/zoroqi/my-awesome