TWiki.Rev.Parameter.Shell.Command.Injection
Description
It indicates a possible exploit of shell command injection vulnerability in TWiki.
The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.
Affected Products
TWiki TWiki 20040902
TWiki TWiki 20040901
TWiki TWiki 20030201
TWiki TWiki 01-Dec-2001
Impact
Execute arbitrary code
Recommended Actions
Apply the latest patch available from the TWiki Web site.
http://twiki.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |