CVE-2006-2582: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

October 24, 2017 (updated September 21, 2021)

The editing form in RWiki pre1 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.

References

secunia.com/advisories/20264
www.vupen.com/english/advisories/2006/1949
exchange.xforce.ibmcloud.com/vulnerabilities/26668
github.com/advisories/GHSA-wwmf-6p58-6vj2
nvd.nist.gov/vuln/detail/CVE-2006-2582

Detect and mitigate CVE-2006-2582 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →