Summary
The host is running TWiki and is prone to a remote command execution vulnerability.
Impact
Successful exploitation could allow attackers to execute shell commands via Perl backtick (``) operators.
Impact Level: System/Application
Solution
Upgrade to TWiki-5.1.3 or later, or apply the patch:
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
Insight
The flaw is due to improper validation of the '%MAKETEXT{}%' TWiki variable (when UserInterfaceInternationalisation is enabled), which is used to localize user interface content to a language of choice.
Affected
TWiki version 5.1.0 to 5.1.2, 5.0.x, 4.3.x, 4.2.x, 4.1.x, 4.0.x
References
Severity
Classification
CVE: CVE-2012-6329, CVE-2012-6330
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P