返回 CVE 浏览器

CVE-2004-1037

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0080%

EPSS Percentile15.03th

Published2005年3月1日

Last Modified2026年4月16日

Vulnerability Description

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

Affected Platforms (CPE)

📦

Twiki

Twiki

= 2003-02-01

💻

Gentoo

Linux

All versions

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html

🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000918

🔗 http://marc.info/?l=bugtraq&m=110037207516456&w=2

🔗 http://security.gentoo.org/glsa/glsa-200411-33.xml

🔗 http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch

🔗 http://www.ciac.org/ciac/bulletins/p-039.shtml

🔗 http://www.securityfocus.com/bid/11674

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18062

相关漏洞威胁

CVE-2008-530510.0

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% varia...

CVE-2013-17519.8

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2014-72369.1

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code ...