Summary
The host is installed with Foswiki and is prone to a remote command execution vulnerability.
Impact
Successful exploitation could allow attackers to execute shell commands via Perl backtick (``) operators.
Impact Level: System/Application
Solution
Upgrade to Foswiki version 1.1.7 or later, or apply the vendor patch. See:
http://foswiki.org/Support/SecurityAlert-CVE-2012-6329
http://foswiki.org/Support/SecurityAlert-CVE-2012-6330
Insight
The flaw is due to improper validation of the '%MAKETEXT{}%' Foswiki macro (available when UserInterfaceInternationalisation is enabled), which is used to localize user interface content to a language of choice.
Affected
Foswiki versions 1.0.0 through 1.0.10 and 1.1.0 through 1.1.6
References
Severity
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Classification
CVE: CVE-2012-6329, CVE-2012-6330