CVE-2014-7236

Published: 17/02/2020 Updated: 20/02/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki prior to 6.0.1 allows remote malicious users to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

Vulnerable Product

twiki twiki

twiki twiki 6.0

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'T ...
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution ...
The debugenableplugins request parameter in TWiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution ...

GitHub Repositories

Exploit for CVE-2014-7236

Exploit for TWiki code execution CVE-2014-7236
usage: perl exploit.pl host [cmd]
ex: perl exploit.pl 127.0.0.1/Main/WebHome "uname -a"
Reference: seclists.org/fulldisclosure/2014/Oct/44