Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2005 > TWiki - TWiki history function allows arbitrary shell command execution

September 2005

TWiki - TWiki history function allows arbitrary shell command execution

ID: 00806
Ref: 750/05
Date: 16 September 2005:11:25:52
Version: 1
Title: TWiki - TWiki history function allows arbitrary shell command execution
Abstract:
Vendors affected: TWiki
Applications affected: TWiki

Title
=====
TWiki - TWiki history function allows arbitrary shell command execution


Detail
======

The TWiki website has released a security alert relating to a vulnerability in the
history function in TWiki. According to the alert, the impact of the vulnerability
is that "an attacker is able to execute arbitrary shell commands with the privileges
of the web server process, such as user nobody."

The security alert can be viewed at the following URL:
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |