Vul Path
/application/controllers/reposity.php
/application/controllers/repository_model.php
Exploit Reproduction
Attackers can gain shell access to the server by creating a custom email account. First, register a malicious account. Then create a repository group and a repository. Next, access the "Create Merge Request" interface. Ultimately, the malicious code is executed, and we finally get a reverse shell.
Vul Point
Useless Regex Pattern leads to RCE