CVE-2008-5305

Properties

Published:
08.12.2008
Updated:
11.12.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product:
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki
twiki: twiki

Vulnerability description

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

References:

BID: http://www.securityfocus.com/bid/32668
CONFIRM: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
SECTRACK: http://securitytracker.com/id?1021352
SECUNIA: http://secunia.com/advisories/33040