TWiki prior to 5.1.4 allows remote malicious users to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
twiki twiki