CyberSec.Space Logo
Back to CVE Browser

CVE-2014-7236

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile8.45th
PublishedFeb 17, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

Affected Platforms (CPE)

πŸ“¦
Twiki

Twiki

>= 4.0 and <= 4.0.5
πŸ“¦
Twiki

Twiki

>= 4.1 and <= 4.1.2
πŸ“¦
Twiki

Twiki

>= 4.2 and <= 4.2.4
πŸ“¦
Twiki

Twiki

>= 4.3 and <= 4.3.2
πŸ“¦
Twiki

Twiki

>= 5.0 and <= 5.0.2
πŸ“¦
Twiki

Twiki

>= 5.1.0 and <= 5.1.4
πŸ“¦
Twiki

Twiki

= 6.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html
πŸ”— http://seclists.org/fulldisclosure/2014/Oct/44
πŸ”— http://www.securityfocus.com/bid/70372
πŸ”— http://www.securitytracker.com/id/1030981
πŸ”— http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html
πŸ”— http://seclists.org/fulldisclosure/2014/Oct/44
πŸ”— http://www.securityfocus.com/bid/70372
πŸ”— http://www.securitytracker.com/id/1030981

Related Vulnerabilities

CVE-2004-103710.0

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s...

CVE-2008-530510.0

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% varia...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2013-17519.8

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value...