CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-25 20:57:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
efebdd4f2d72a3494ec92163e9e88e00a3646b8a
CVEs-PoC/2022/CVE-2022-1884.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

1.1 KiB
Raw Blame History

CVE-2022-1884

Description

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the tree_path parameter during file uploads. An attacker can set tree_path=.git. to upload a file into the .git directory, allowing them to write or rewrite the .git/config file. If the core.sshCommand is set, this can lead to remote command execution.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink