lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
Max CVSS
6.8
EPSS Score
12.12%
Published
2014-10-16
Updated
2017-09-08
CVE-2014-7236
Public exploit
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
Max CVSS
9.1
EPSS Score
95.08%
Published
2020-02-17
Updated
2020-02-20
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
Max CVSS
10.0
EPSS Score
2.31%
Published
2019-11-07
Updated
2019-11-08
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
Max CVSS
5.0
EPSS Score
0.76%
Published
2013-01-04
Updated
2016-11-28
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
Max CVSS
6.8
EPSS Score
0.11%
Published
2010-09-07
Updated
2010-11-12
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
Max CVSS
6.0
EPSS Score
0.36%
Published
2009-04-30
Updated
2017-08-17
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
Max CVSS
10.0
EPSS Score
5.46%
Published
2008-12-10
Updated
2009-03-03
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
Max CVSS
6.8
EPSS Score
12.37%
Published
2008-09-18
Updated
2017-09-29
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
Max CVSS
9.0
EPSS Score
1.57%
Published
2006-12-02
Updated
2017-07-20
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS
5.0
EPSS Score
1.08%
Published
2006-09-09
Updated
2011-03-08
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
Max CVSS
7.5
EPSS Score
11.07%
Published
2006-07-27
Updated
2017-07-20
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
Max CVSS
5.1
EPSS Score
2.15%
Published
2006-06-20
Updated
2017-07-20
12 vulnerabilities found