9.1

CVE-2014-7236

Exploit

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TwikiTwiki Version >= 4.0 <= 4.0.5
TwikiTwiki Version >= 4.1 <= 4.1.2
TwikiTwiki Version >= 4.2 <= 4.2.4
TwikiTwiki Version >= 4.3 <= 4.3.2
TwikiTwiki Version >= 5.0 <= 5.0.2
TwikiTwiki Version >= 5.1.0 <= 5.1.4
TwikiTwiki Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 84.23% 0.992
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

http://seclists.org/fulldisclosure/2014/Oct/44
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/70372
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030981
Third Party Advisory
VDB Entry