Posted by m6w6 on 12th September 2004 in Mike's sudden inspirations: PHP
If you’re running Horde's Chora 1.2, you should immediately upgrade your Horde installation or temporarily disable CVS access through HTTP.
Unfiltered $_GET as shell argument
At a quick glance, scripts like diff.php seem to use unfiltered $_GET parameters as shell command arguments, which will allow any remote user to execute any command as the web server user.
A request like ~~http://cvs.your.host/…~~ will reveal the process list of the machine.
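The pattern described above, next to a hardened form, as an added example that is not Chora's code and not from the original post. The parameter names `r1`/`r2`, the `rcsdiff` binary, the repository path and the helper names are assumptions made for illustration.

```php
<?php
// Added example, not Chora's code. r1/r2, rcsdiff and the file path are assumed.

// Vulnerable pattern: request data concatenated straight into a shell command line.
function build_diff_command_unsafe(array $get, string $file): string
{
    return 'rcsdiff -r' . $get['r1'] . ' -r' . $get['r2'] . ' ' . $file;
}

// Allow-list check: dotted decimal revision numbers only (1.4, 1.4.2.1).
// \A and \z are used because "$" would also accept a trailing newline.
function valid_revision(string $rev): bool
{
    return preg_match('/\A\d+(\.\d+)+\z/', $rev) === 1;
}

// Hardened form: validate each value, then quote every argument.
function build_diff_command(array $get, string $file): string
{
    foreach (['r1', 'r2'] as $key) {
        // is_string() rejects array-valued parameters such as ?r1[]=...
        if (!isset($get[$key]) || !is_string($get[$key]) || !valid_revision($get[$key])) {
            throw new InvalidArgumentException("invalid revision in '$key'");
        }
    }
    return implode(' ', [
        'rcsdiff',
        escapeshellarg('-r' . $get['r1']),
        escapeshellarg('-r' . $get['r2']),
        escapeshellarg($file), // path resolved server-side, never taken from the request
    ]);
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['r1' => '1.3', 'r2' => '1.4'],                // well-formed
    ['r1' => '1.3', 'r2' => '1.4; echo injected'], // shell metacharacters
    ['r1' => ['1.3'], 'r2' => '1.4'],              // array instead of string
];
foreach ($samples as $get) {
    try {
        echo build_diff_command($get, '/var/cvs/module/file.php,v'), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Only the first sample produces a command line; the other two are rejected before anything reaches the shell.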