Vulnerability Details CVE-2006-3819
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.079
EPSS Ranking 91.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/21235
- http://securitytracker.com/id?1016603
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure
- http://www.osvdb.org/displayvuln.php?osvdb_id=27556
- http://www.securityfocus.com/bid/19188
- http://www.vupen.com/english/advisories/2006/2995
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28049
- http://secunia.com/advisories/21235
- http://securitytracker.com/id?1016603
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure
- http://www.osvdb.org/displayvuln.php?osvdb_id=27556
- http://www.securityfocus.com/bid/19188
- http://www.vupen.com/english/advisories/2006/2995
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28049
Products affected by CVE-2006-3819
-
cpe:2.3:a:twiki:twiki:4.0
-
cpe:2.3:a:twiki:twiki:4.0.0
-
cpe:2.3:a:twiki:twiki:4.0.1
-
cpe:2.3:a:twiki:twiki:4.0.2
-
cpe:2.3:a:twiki:twiki:4.0.3
-
cpe:2.3:a:twiki:twiki:4.0.4