The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl prior to 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent malicious users to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application prior to 5.1.3, and the Foswiki application 1.0.x up to and including 1.0.10 and 1.1.x up to and including 1.1.6.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
perl perl 5.16.0 |
||
perl perl 5.14.3 |
||
perl perl 5.14.0 |
||
perl perl 5.13.2 |
||
perl perl 5.10.0 |
||
perl perl 5.12.0 |
||
perl perl 5.11.4 |
||
perl perl 5.11.2 |
||
perl perl 5.11.3 |
||
perl perl 5.12.3 |
||
perl perl |
||
perl perl 5.16.1 |
||
perl perl 5.14.1 |
||
perl perl 5.13.0 |
||
perl perl 5.13.3 |
||
perl perl 5.11.0 |
||
perl perl 5.10 |
||
perl perl 5.12.1 |
||
perl perl 5.12.2 |
||
perl perl 5.10.1 |
||
perl perl 5.13.5 |
||
perl perl 5.13.4 |
||
perl perl 5.11.5 |
||
perl perl 5.13.8 |
||
perl perl 5.13.9 |
||
perl perl 5.13.10 |
||
perl perl 5.14.2 |
||
perl perl 5.13.7 |
||
perl perl 5.13.6 |
||
perl perl 5.13.1 |
||
perl perl 5.11.1 |
||
perl perl 5.13.11 |