What is CVE-2018-5955?

CVE-2018-5955 is a vulnerability in N/a. Published 2018-01-21.

Is CVE-2018-5955 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-5955

An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.

EPSS: 0.866 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

YagamiiLight/Cerberus
MikeTheHash/CVE-2018-5955
QianliZLP/GitStackRCE
rapid7/metasploit-framework
rapid7/metasploit-framework
991688344/2020-shixun
ARPSyndicate/cvemon
HattMobb/Wreath-Network-Pen-Test
anquanscan/sec-tools
b0bac/GitStackRCE

References

blogs.securiteam.com/index.php/archives/3557 (x_refsource_MISC)
44356 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-5955?: CVE-2018-5955 is a vulnerability in N/a. Published 2018-01-21.
Is CVE-2018-5955 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.