TWiki 'MAKETEXT' Variable CVE-2013-1751 Arbitrary Command Execution Vulnerability
BID:58024
Info
TWiki 'MAKETEXT' Variable CVE-2013-1751 Arbitrary Command Execution Vulnerability
| Bugtraq ID: | 58024 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-1751 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2013 12:00AM |
| Updated: | Feb 18 2013 12:00AM |
| Credit: | John Lightsey |
| Vulnerable: |
TWiki TWiki 5.1.3 TWiki TWiki 5.1 TWiki TWiki 5.0.2 TWiki TWiki 5.0.1 TWiki TWiki 5.0 TWiki TWiki 4.3.2 TWiki TWiki 4.3.1 TWiki TWiki 4.3 TWiki TWiki 4.2.4 TWiki TWiki 4.2.3 TWiki TWiki 4.2.2 TWiki TWiki 4.2.1 TWiki TWiki 4.2 TWiki TWiki 4.1.2 TWiki TWiki 4.1.1 TWiki TWiki 4.1 TWiki TWiki 4.0.5 TWiki TWiki 4.0.4 TWiki TWiki 4.0.3 TWiki TWiki 4.0.2 TWiki TWiki 4.0.1 TWiki TWiki 5.1.2 TWiki TWiki 5.1.1 TWiki TWiki 4 |
| Not Vulnerable: | |
Discussion
TWiki 'MAKETEXT' Variable CVE-2013-1751 Arbitrary Command Execution Vulnerability
TWiki is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.
Note: This issue is the result of an incomplete fix for the issue described in BID 56950 (TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities).
TWiki is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.
Note: This issue is the result of an incomplete fix for the issue described in BID 56950 (TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities).
Exploit / POC
TWiki 'MAKETEXT' Variable CVE-2013-1751 Arbitrary Command Execution Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
TWiki 'MAKETEXT' Variable CVE-2013-1751 Arbitrary Command Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
TWiki 'MAKETEXT' Variable CVE-2013-1751 Arbitrary Command Execution Vulnerability
References:
References: