CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-1751

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile19.81th
Published2019年11月7日
Last Modified2024年11月21日

Vulnerability Description

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

Affected Platforms (CPE)

📦
Twiki

Twiki

< 5.1.4

References & Advisories

🔗 http://www.securitytracker.com/id/1028149
🔗 https://security-tracker.debian.org/tracker/CVE-2013-1751
🔗 https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
🔗 http://www.securitytracker.com/id/1028149
🔗 https://security-tracker.debian.org/tracker/CVE-2013-1751
🔗 https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751

相關漏洞威脅

CVE-2004-103710.0

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s...

CVE-2008-530510.0

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% varia...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2014-72369.1

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code ...