CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5305

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile28.01th
PublishedDec 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

Affected Platforms (CPE)

πŸ“¦
Twiki

Twiki

<= 4.2.3
πŸ“¦
Twiki

Twiki

= 4.0.0
πŸ“¦
Twiki

Twiki

= 4.0.1
πŸ“¦
Twiki

Twiki

= 4.0.2
πŸ“¦
Twiki

Twiki

= 4.0.3
πŸ“¦
Twiki

Twiki

= 4.0.4
πŸ“¦
Twiki

Twiki

= 4.0.5
πŸ“¦
Twiki

Twiki

= 4.1.0
πŸ“¦
Twiki

Twiki

= 4.1.1
πŸ“¦
Twiki

Twiki

= 4.1.2
πŸ“¦
Twiki

Twiki

= 4.2.0
πŸ“¦
Twiki

Twiki

= 4.2.1
πŸ“¦
Twiki

Twiki

= 4.2.2

References & Advisories

πŸ”— http://secunia.com/advisories/33040
πŸ”— http://securitytracker.com/id?1021352
πŸ”— http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
πŸ”— http://www.securityfocus.com/bid/32668
πŸ”— http://www.vupen.com/english/advisories/2008/3381
πŸ”— http://secunia.com/advisories/33040
πŸ”— http://securitytracker.com/id?1021352
πŸ”— http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305

Related Vulnerabilities

CVE-2004-103710.0

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s...

CVE-2013-17519.8

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2014-72369.1

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code ...