2 writeups tagged with Gitea
Apache mod_rewrite CVE-2024-38472 XSS in redirect. Stored XSS steals admin cookie for Gitea access. SQLite injection and Gitea hook RCE for root.
Searchor 2.4.0 CLI eval() injection for code execution. Gitea instance found via Docker-compose, admin token for privileged script execution.
