Summary
TWiki is prone to a remote code-execution vulnerability.
Impact
Attackers can exploit this issue to execute arbitrary code in the context of the webserver user.
Solution
Updates are available.
Insight
It is possible to execute arbitrary Perl code by adding a 'debugenableplugins=' parameter with a specially crafted value.
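A defender-side check for the parameter named above, as an added example that is not part of the original advisory or of TWiki: it scans web-server access logs for requests carrying `debugenableplugins` and separates plain values from anything else. It assumes Combined Log Format lines and that a benign value is a comma-separated list of plugin names; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a benign value is a comma-separated list of plugin names.
PLAIN_LIST = re.compile(r"^[A-Za-z0-9_]+(,[A-Za-z0-9_]+)*$")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, 'present' or 'suspicious' for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    verdict = None
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes, so encoded values are judged in decoded form.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() != "debugenableplugins":
            continue
        if value == "" or PLAIN_LIST.match(value):
            verdict = verdict or "present"
        else:
            verdict = "suspicious"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every line that carries the parameter."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample lines (documentation IP range, made-up paths and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2015:10:00:01 +0000] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 5123',
    '192.0.2.11 - - [25/Mar/2015:10:00:07 +0000] "GET /twiki/bin/view/Main/WebHome?debugenableplugins=SmiliesPlugin,TablePlugin HTTP/1.1" 200 5001',
    '192.0.2.12 - - [25/Mar/2015:10:00:09 +0000] "GET /twiki/bin/view/Main/WebHome?debugenableplugins=%28constructed-non-name-value%29 HTTP/1.1" 200 4890',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: debugenableplugins {verdict}")
```

Access logs record only the request line, so a parameter sent in a POST body will not appear here.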
Affected
TWiki 6.0.0
TWiki 5.1.0 through TWiki 5.1.4
TWiki 5.0.0 through TWiki 5.0.2
TWiki 4.3.0 through TWiki 4.3.2
TWiki 4.2.0 through TWiki 4.2.4
TWiki 4.1.0 through TWiki 4.1.2
TWiki 4.0.0 through TWiki 4.0.5
Detection
Send an HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-7236
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N