Vulnerability Details CVE-2005-2877
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.817
EPSS Ranking 99.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=112680475417550&w=2
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev
- http://www.kb.cert.org/vuls/id/757181
- http://www.securityfocus.com/bid/14834
- http://marc.info/?l=bugtraq&m=112680475417550&w=2
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev
- http://www.kb.cert.org/vuls/id/757181
- http://www.securityfocus.com/bid/14834
Products affected by CVE-2005-2877
-
cpe:2.3:a:twiki:twiki:2000-12-01
-
cpe:2.3:a:twiki:twiki:2001-12-01
-
cpe:2.3:a:twiki:twiki:2003-02-01
-
cpe:2.3:a:twiki:twiki:2004-09-01
-
cpe:2.3:a:twiki:twiki:2004-09-02