Intrusion PreventionTWiki.Configure.TYPEOF.Parameter.Command.Execution
Description
TWiki is prone to a remote command-execution vulnerability. This flaw is found in the configure script in TWiki 4.0.0 through 4.0.4 and is caused due to an input validation error. This vulnerability allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". This vulnerability can be exploited by remote attackers to inject and execute arbitrary shell commands with the privileges of the web server.
Affected Products
TWiki 4.0.0 - 4.0.4
Impact
The execution of arbitrary code on the system.
Recommended Actions
The vendor has released an advisory and hotfix to address this issue. More information about this advisory can be found at http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-01 | 25.612 | Name:Twiki. Configure. TYPEOF. Parameter. Command. Execution:TWiki. Configure. TYPEOF. Parameter. Command. Execution |
| 2020-12-11 | 16.978 |
References
1| ID | 12121 |
| Created | Aug 21, 2006 |
| Updated | Jul 31, 2023 |
| Risk |
|
| CVE ID | CVE-2006-3819 |
| Exploit Prediction Score | 11.07% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, Solaris, Other |
| Affected App | Other |