PT-2013-1333 · Twiki+6
Vincent Danen · Published 2013-01-04 · Updated 2016-12-08
CVE-2012-6329
CVSS v2.0: 7.5 (High); Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Perl versions prior to 5.17.7
TWiki versions prior to 5.1.3
Foswiki versions 1.0.x through 1.0.10 and 1.1.x through 1.1.6
Description
The issue lies in the _compile function in Maketext.pm (Locale::Maketext), which does not properly handle backslashes and fully qualified method names when compiling bracket notation. An attacker can execute arbitrary commands by supplying crafted input to an application that accepts translation strings from users. The number of potentially affected devices worldwide is not specified.
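As an added illustration, not code from this page or from Perl, TWiki or Foswiki, the Perl snippet below contrasts the usage the description warns about (untrusted text compiled as a translation string) with the pattern that keeps untrusted text out of the Locale::Maketext compiler; the My::I18N classes, the _AUTO lexicon and the sample input are assumptions constructed for the example:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimal Locale::Maketext language classes, constructed for this example.
package My::I18N;
use parent 'Locale::Maketext';

package My::I18N::en;
use parent -norequire, 'My::I18N';
our %Lexicon = (
    '_AUTO'    => 1,                  # unknown keys are compiled as-is
    'greeting' => 'Hello, [_1]!',     # application-controlled format string
);

package main;

my $lh = My::I18N->get_handle('en') or die "no language handle";

# Unsafe pattern: the untrusted text *is* the translation string, so
# Locale::Maketext compiles it and interprets any bracket notation in it.
# This is the usage that CVE-2012-6329 makes dangerous on unpatched versions.
sub unsafe_echo {
    my ($text) = @_;
    return $lh->maketext($text);
}

# Safe pattern: the format string is a constant the application controls;
# untrusted text is passed only as a parameter ([_1]) and is never compiled.
sub safe_echo {
    my ($text) = @_;
    return $lh->maketext('greeting', $text);
}

# Constructed sample input that happens to contain bracket notation.
my $untrusted = "O'Brien [_1]";

print safe_echo($untrusted), "\n";
```

Updating to a fixed Locale::Maketext is still required; the safe pattern only removes the application's dependence on the compiler treating user input correctly.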
Recommendations
For Perl versions prior to 5.17.7, update to version 5.17.7 or later to resolve the issue.
For TWiki versions prior to 5.1.3, update to version 5.1.3 or later.
For Foswiki versions 1.0.x through 1.0.10, update to a version after 1.0.10.
For Foswiki versions 1.1.x through 1.1.6, update to a version after 1.1.6.
Weakness Enumeration
Code Injection
Affected Products
CentOS
Foswiki
IBM AIX
Perl
Red Hat
SUSE
TWiki