A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.

UnKnoWnCheaTs


Multiplayer Game Hacking and Cheats. We encourage an open, free and collaborative environment for cheating in games. We supply content and information for game cheats and game hacking through our forum, download database, and structured tutorials.

Listed: