Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | Twiki Perl 4.x, 5.x, 6.x Upload Bypass / Code Execution Vulnerabilities | 10 Oct 201400:00 | – | zdt |
 | Twiki/Fosswiki Unauthenticated Arbitrary File Upload (CVE-2014-7237) | 3 Dec 201400:00 | – | checkpoint_advisories |
 | CVE-2014-7237 | 16 Oct 201400:00 | – | cvelist |
 | CVE-2014-7237 | 16 Oct 201400:55 | – | nvd |
 | Twiki Upload Bypass | 10 Oct 201400:00 | – | packetstorm |
 | Code injection | 16 Oct 201400:55 | – | prion |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| filepath2 | request body | bin/upload.cgi | Remote upload of specially named files via TWiki bin/upload.cgi, enabling potential execution of uploaded files (e.g., .htaccess) on Windows servers. | CWE-264 |
| filepath2 | request body | bin/upload.cgi/Main/WebHome | Attack vector using a crafted file upload to TWiki that can create an .htaccess file or similar configuration in the upload directory, allowing remote code execution on Windows. | CWE-264 |
| crypttoken | request body | bin/upload.cgi/Main/WebHome | Attack vector using a crafted file upload to TWiki that can create an .htaccess file or similar configuration in the upload directory, allowing remote code execution on Windows. | CWE-264 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 00:14Current
7.6High risk
Vulners AI Score7.6
CVSS 26.8
EPSS0.20059