What is CVE-2018-1000533?

CVE-2018-1000533 is a vulnerability in N/a. Published 2018-06-26.

Is CVE-2018-1000533 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-1000533

klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send PO…

EPSS: 0.931 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
J1ezds/Vulnerability-Wiki-page
Threekiii/Awesome-POC
Threekiii/Vulhub-Reproduce
XiaomingX/awesome-poc-for-red-team
bakery312/Vulhub-Reproduce
cyb3r-w0lf/nuclei-template-collection

References

security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html (x_refsource_MISC)
github.com/klaussilveira/gitlist/commit/87b8c26b023c3fc37f0796b14bb13710f397b322 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-1000533?: CVE-2018-1000533 is a vulnerability in N/a. Published 2018-06-26.
Is CVE-2018-1000533 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.