TWiki Multiple Unspecified Remote Input Validation Vulnerabilities
BID:12637
Info
TWiki Multiple Unspecified Remote Input Validation Vulnerabilities
| Bugtraq ID: | 12637 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2005 12:00AM |
| Updated: | Feb 23 2005 12:00AM |
| Credit: | Florian Weimer <[email protected]> is credited with the disclosure of these issues. |
| Vulnerable: |
TWiki TWiki 20040902 TWiki TWiki 20040901 TWiki TWiki 20030201 TWiki TWiki 01-Feb-2003 |
| Not Vulnerable: | |
Discussion
TWiki Multiple Unspecified Remote Input Validation Vulnerabilities
Multiple unspecified input validation vulnerabilities reportedly affect TWiki. These issues are due to a failure of the application to sanitize user-supplied input prior to using it to carry out critical functionality.
An attacker may execute arbitrary commands, potentially facilitating a compromise of the host computer, by leveraging these issues. Any command execution would take place with the privileges of the affected process. Other attacks may also be possible.
Multiple unspecified input validation vulnerabilities reportedly affect TWiki. These issues are due to a failure of the application to sanitize user-supplied input prior to using it to carry out critical functionality.
An attacker may execute arbitrary commands, potentially facilitating a compromise of the host computer, by leveraging these issues. Any command execution would take place with the privileges of the affected process. Other attacks may also be possible.
Exploit / POC
TWiki Multiple Unspecified Remote Input Validation Vulnerabilities
No exploit is required to leverage these issues.
No exploit is required to leverage these issues.
Solution / Fix
TWiki Multiple Unspecified Remote Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
TWiki Multiple Unspecified Remote Input Validation Vulnerabilities
References:
References:
- Increasing TWiki's Robustness Against Shell Command Injection (Florian Weimer)
- TWiki Homepage (TWiki)