Vulnerability Description
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Perforce | Perforce Server | 2008.1 |
Related Weaknesses (CWE)
References
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.htmlExploit
- http://www.securityfocus.com/bid/36261
- http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.htmlExploit
- http://www.securityfocus.com/bid/36261
FAQ
What is CVE-2010-0934?
CVE-2010-0934 is a vulnerability with a CVSS score of 7.1 (HIGH). The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunctio...
How severe is CVE-2010-0934?
CVE-2010-0934 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0934?
Check the references section above for vendor advisories and patch information. Affected products include: Perforce Perforce Server.