PT-2008-6431 · Twiki · Twiki

Peter Allor

Published

2008-12-10

Updated

2009-03-03

CVE-2008-5305

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TWiki versions prior to 4.2.4

Description The issue allows remote attackers to execute arbitrary Perl code. This is achieved via the %SEARCH{}% variable, which is used for searching content within TWiki.

Recommendations For versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the %SEARCH{}% variable until a patch is available.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-5305

Affected Products

Twiki

PT-2008-6431 · Twiki · Twiki

CVE-2008-5305

Weakness Enumeration

Related Identifiers

Affected Products

References · 8