CVE-2000-0670
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
Date published : 2000-10-13
http://www.securityfocus.com/bid/1469
http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html