CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Twiki: >> Twiki >> 5.1.3 Security Vulnerabilities

CVE-2014-7236

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

CVSS Score

9.1

EPSS Score

0.842

Published

2020-02-17

CVE-2013-1751

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

CVSS Score

9.8

EPSS Score

0.047

Published

2019-11-07

CVE-2014-7237

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.

CVSS Score

6.8

EPSS Score

0.296

Published

2014-10-16

Page 1

Vulnerabilities

Vulnerable Software

Twiki: >> Twiki >> 5.1.3 Security Vulnerabilities

Products

Pricing

Contact Us