CyberSec.Space Logo
Back to CVE Browser

CVE-2013-1751

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile19.81th
PublishedNov 7, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

Affected Platforms (CPE)

πŸ“¦
Twiki

Twiki

< 5.1.4

References & Advisories

πŸ”— http://www.securitytracker.com/id/1028149
πŸ”— https://security-tracker.debian.org/tracker/CVE-2013-1751
πŸ”— https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
πŸ”— http://www.securitytracker.com/id/1028149
πŸ”— https://security-tracker.debian.org/tracker/CVE-2013-1751
πŸ”— https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751

Related Vulnerabilities

CVE-2004-103710.0

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s...

CVE-2008-530510.0

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% varia...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2014-72369.1

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code ...