CVE-2013-1751

Name of the Vulnerable Software and Affected Versions TWiki versions prior to 5.1.4

Description The issue allows remote attackers to execute arbitrary shell commands. This is achieved by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

Recommendations For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the '%MAKETEXT{}%' parameter to minimize the risk of exploitation. Avoid using the MAKETEXT parameter with untrusted input until the issue is resolved.