TWiki rev Parameter Remote Command Execution Security Vulnerability

Description
A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script builds a command line with the backtick shell operator and interpolates the user-supplied rev parameter into it without filtering shell metacharacters. An attacker can therefore request a specially crafted URI whose rev value terminates the intended command and appends one of their own, which the shell then executes. The injected commands run with the privileges of the web server account under which TWiki's CGI scripts execute, and can be used to gain unauthorized remote access to the host.

Confirmed in TWiki 20040902, 20040901, 20030201 and 01-Dec-2001. Other versions may also be affected.

Impact
Because the rev parameter is passed to the shell without adequate validation, a remote attacker can cause TWiki to execute arbitrary commands on the web server, with the privileges of the web server process.
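The following Perl script is an added illustration of the flaw described above and of its impact; it is not TWiki's own code. TWiki is a Perl CGI application, so the example shows the two halves in that language: an interpolated backtick command line in which the rev value is honoured as shell syntax, beside a hardened version that allow-lists the revision format and invokes the external program through the list form of pipe-open, which bypasses the shell entirely. The function names, the topic file name and the attacker value are constructed for the demonstration, and `echo` stands in for the real RCS binary so that the script runs on any system.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed attacker input, as it would arrive decoded from a URI such as
# ...?rev=1.2%3Bid%20%23  ('%3B' is ';', '%23' is '#').  Everything after
# the ';' is the attacker's command; the '#' comments out the rest of the
# original command line so the shell does not choke on it.
my $tainted_rev = '1.2; id #';
my $topic_file  = 'WebHome.txt,v';    # constructed RCS file name

# VULNERABLE PATTERN (do not use): the rev value is interpolated into a
# backtick command line.  Perl hands the whole string to /bin/sh, which
# treats ';' as a command separator and runs the injected 'id'.
# 'echo' stands in for the real rcs/rlog binary so this runs anywhere.
sub vulnerable_revision_log {
    my ($rev, $file) = @_;
    return `echo -r$rev $file`;
}

# Defence 1: allow-list the parameter.  A revision number is digits
# separated by dots and nothing else.  Returning the captured group also
# clears Perl's taint flag when the script runs under -T.
sub validate_rev {
    my ($rev) = @_;
    return undef unless defined $rev && $rev =~ /^(\d+(?:\.\d+)*)$/;
    return $1;
}

# Defence 2: never go through the shell.  The list form of pipe-open
# passes each element straight to execvp(), so any metacharacters left
# in $rev are plain bytes inside one argument, not command syntax.
sub safe_revision_log {
    my ($rev, $file) = @_;
    my $clean = validate_rev($rev);
    die "rejected rev parameter: '$rev'\n" unless defined $clean;
    open(my $fh, '-|', 'echo', "-r$clean", $file)
        or die "cannot run revision control program: $!\n";
    local $/;                   # slurp the whole output
    my $out = <$fh>;
    close $fh;
    return $out;
}

print "--- vulnerable: shell executes the injected command ---\n";
print vulnerable_revision_log($tainted_rev, $topic_file);

print "--- hardened: valid revision is accepted ---\n";
print safe_revision_log('1.2', $topic_file);

print "--- hardened: crafted revision is refused ---\n";
eval { safe_revision_log($tainted_rev, $topic_file) };
print $@ if $@;
```

Running the vulnerable half prints `-r1.2` followed by the output of `id`, i.e. the identity of the web server account that a real attacker would be operating as. The hardened half prints `-r1.2 WebHome.txt,v` for a legitimate revision and dies on the crafted one. Either defence alone closes the shell metacharacter problem; using both means a future parameter that slips past the regular expression still cannot reach a shell.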

References
BID 14834
