Intrusion Prevention

TWiki.Rev.Parameter.Shell.Command.Injection

Description

This indicates a possible attempt to exploit a shell command injection vulnerability in TWiki.
The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.
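
As a complement to the signature, the following added example (not part of the original advisory or of TWiki) reviews web server access logs for requests whose `rev` parameter is not a plain revision number. The allowlist pattern, the log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate revision is a plain number such as "3" or "1.3".
SAFE_REV = re.compile(r"\d+(\.\d+)?")
# Request target inside a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_rev_values(line):
    """Return the decoded rev values in one log line that fail the allowlist."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes, so encoded metacharacters are checked decoded.
    # fullmatch (not match with "$") also rejects a trailing encoded newline.
    return [v for k, v in parse_qsl(query, keep_blank_values=True)
            if k == "rev" and not SAFE_REV.fullmatch(v)]

def scan(lines):
    """Return (line_number, bad_values) for every line that needs review."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_rev_values(line)
        if bad:
            hits.append((n, bad))
    return hits

# Constructed sample log lines (documentation addresses, placeholder payload).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] '
    '"GET /twiki/bin/view/Main/TWikiUsers?rev=1.3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2005:10:00:05 +0000] '
    '"GET /twiki/bin/view/Main/TWikiUsers?rev=2 HTTP/1.1" 200 5090',
    '192.0.2.66 - - [01/Jan/2005:10:01:00 +0000] '
    '"GET /twiki/bin/view/Main/TWikiUsers?rev=1%60PLACEHOLDER%60 HTTP/1.1" 200 4711',
    '192.0.2.12 - - [01/Jan/2005:10:02:00 +0000] '
    '"GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for lineno, values in scan(SAMPLE):
        print(f"line {lineno}: unexpected rev value(s) {values!r}")
```

The same allowlist, applied to the parameter before it reaches any command line, is the input validation that closes this class of bug; log review only shows whether attempts occurred.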

Affected Products

TWiki TWiki 20040902
TWiki TWiki 20040901
TWiki TWiki 20030201
TWiki TWiki 01-Dec-2001

Impact

Execute arbitrary code

Recommended Actions

Apply the latest patch available from the TWiki Web site.
http://twiki.org/

CVE References

CVE-2005-2877