SAINT Corporation (saint), SAINT:B5EFEC6198B748AE4A53EE12CE11032A
Apr 06, 2006 - 12:00 a.m.

TWiki revision control shell command injection

2006-04-06 00:00:00
SAINT Corporation
download.saintcorporation.com
10

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.968 High (Percentile: 99.6%)

Added: 04/06/2006
CVE: CVE-2005-2877
BID: 14834
OSVDB: 19403

Background

TWiki is a web-based collaboration platform written in Perl.

Problem

The revision control function in TWiki does not sufficiently check the **rev** parameter before using it in a shell command call. This allows remote attackers to execute arbitrary commands using a **rev** parameter containing shell metacharacters.
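The flaw class described above, shown as an added illustration that is not TWiki's code and is written in Python rather than TWiki's Perl: an untrusted **rev** value pasted into a shell string, beside a hardened form that allowlists the value and runs the tool from an argv list. The revision format, the function names and the stand-in tool are assumptions; a POSIX shell is assumed for the "before" case.

```python
import re
import subprocess
import sys

# Assumption: a revision looks like "3" or "1.3"; tighten to the real format.
# [0-9] (not \d) keeps it ASCII-only; fullmatch() rejects a trailing newline.
REV_RE = re.compile(r"[0-9]{1,9}(?:\.[0-9]{1,9})?")

# Hypothetical stand-in for the revision-control binary: echoes its argv.
TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]


def fetch_revision_unsafe(rev: str) -> str:
    """'Before' pattern: the untrusted value is pasted into a shell string."""
    cmd = f"echo fetching -r{rev}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_tool(args: list[str]) -> str:
    """Run the stand-in tool with an argv list; no shell parses the values."""
    proc = subprocess.run(TOOL + args, capture_output=True, text=True, check=True)
    return proc.stdout


def fetch_revision(rev: str) -> str:
    """Hardened: allowlist first, then argv-list execution."""
    if not REV_RE.fullmatch(rev):
        raise ValueError(f"rejected rev parameter: {rev!r}")
    return run_tool([f"-r{rev}"])


if __name__ == "__main__":
    hostile = "1.2; echo INJECTED"  # constructed sample value
    print(fetch_revision_unsafe(hostile))  # the shell runs a second command
    print(run_tool([f"-r{hostile}"]))      # arrives as one inert argument
    print(fetch_revision("1.2"))
    try:
        fetch_revision(hostile)
    except ValueError as exc:
        print(exc)
```

The two layers are independent: the allowlist rejects the value before any process starts, and the argv list keeps metacharacters inert even if a value slips past validation.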

Resolution

Apply the patch referenced in CIAC Bulletin P-307.

References

<http://archives.neohapsis.com/archives/bugtraq/2005-09/0154.html>
