vendor:
TWiki
by:
Netanel Rubin, h0ng10
9.1
CVSS
CRITICAL
Remote Code Execution
78
CWE
Product Name: TWiki
Affected Version From: 4.0.x
Affected Version To: 6.0.0
Patch Exists: YES
Related CWE: CVE-2014-7236
CPE: a:twiki:twiki
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2014
TWiki Debugenableplugins Remote Code Execution
TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.
Mitigation:
Upgrade to TWiki version 6.0.1 or later.