Ansgar Burchardt discovered that the Git plugin for FusionForge, a web-based project-management and collaboration software, does not sufficiently validate user provided input as parameter to the method to create secondary Git repositories. A remote attacker can use this flaw to execute arbitrary code as root via a specially crafted URL.