Summary
The host is installed with foswiki and is prone to remote command execution vulnerability.
Impact
Successful exploitation could allow attackers to execute shell commands by Perl backtick (``) operators.
Impact Level: System/Application
Solution
Upgrade to Foswiki version 1.1.7 or later or apply patch, http://foswiki.org/Support/SecurityAlert-CVE-2012-6329 http://foswiki.org/Support/SecurityAlert-CVE-2012-6330
Insight
flaw is due to improper validation of '%MAKETEXT{}%' foswiki macro (UserInterfaceInternationalisation is enabled) which is used to localize user interface content to a language of choice.
Affected
Foswiki version 1.0.0 through 1.0.10 and 1.1.0 through 1.1.6
References
Severity
Classification
-
CVE CVE-2012-6329, CVE-2012-6330 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- ATutor < 1.5.1-pl1 Multiple Flaws
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities