CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-5305

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile28.01th
Published2008年12月10日
Last Modified2026年4月23日

Vulnerability Description

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

Affected Platforms (CPE)

📦
Twiki

Twiki

<= 4.2.3
📦
Twiki

Twiki

= 4.0.0
📦
Twiki

Twiki

= 4.0.1
📦
Twiki

Twiki

= 4.0.2
📦
Twiki

Twiki

= 4.0.3
📦
Twiki

Twiki

= 4.0.4
📦
Twiki

Twiki

= 4.0.5
📦
Twiki

Twiki

= 4.1.0
📦
Twiki

Twiki

= 4.1.1
📦
Twiki

Twiki

= 4.1.2
📦
Twiki

Twiki

= 4.2.0
📦
Twiki

Twiki

= 4.2.1
📦
Twiki

Twiki

= 4.2.2

References & Advisories

🔗 http://secunia.com/advisories/33040
🔗 http://securitytracker.com/id?1021352
🔗 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
🔗 http://www.securityfocus.com/bid/32668
🔗 http://www.vupen.com/english/advisories/2008/3381
🔗 http://secunia.com/advisories/33040
🔗 http://securitytracker.com/id?1021352
🔗 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305

関連する脆弱性情報

CVE-2004-103710.0

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s...

CVE-2013-17519.8

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2014-72369.1

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code ...