CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-7236

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile8.45th
Published2020年2月17日
Last Modified2024年11月21日

Vulnerability Description

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

Affected Platforms (CPE)

📦
Twiki

Twiki

>= 4.0 and <= 4.0.5
📦
Twiki

Twiki

>= 4.1 and <= 4.1.2
📦
Twiki

Twiki

>= 4.2 and <= 4.2.4
📦
Twiki

Twiki

>= 4.3 and <= 4.3.2
📦
Twiki

Twiki

>= 5.0 and <= 5.0.2
📦
Twiki

Twiki

>= 5.1.0 and <= 5.1.4
📦
Twiki

Twiki

= 6.0

References & Advisories

🔗 http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html
🔗 http://seclists.org/fulldisclosure/2014/Oct/44
🔗 http://www.securityfocus.com/bid/70372
🔗 http://www.securitytracker.com/id/1030981
🔗 http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html
🔗 http://seclists.org/fulldisclosure/2014/Oct/44
🔗 http://www.securityfocus.com/bid/70372
🔗 http://www.securitytracker.com/id/1030981

相關漏洞威脅

CVE-2004-103710.0

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search s...

CVE-2008-530510.0

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% varia...

CVE-2005-30569.8

TWiki allows arbitrary shell command execution via the Include function

CVE-2013-17519.8

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value...