TWiki TWikiUsers Remote Arbitrary Command Execution Vulnerability

ID SSV:79903
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


A remote command execution vulnerability affects the application.

The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.

This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.