The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
Software | From | Fixed in |
---|---|---|
twiki / twiki | 2000-12-01 | 2000-12-01.x |
twiki / twiki | 2001-12-01 | 2001-12-01.x |
twiki / twiki | 2003-02-01 | 2003-02-01.x |
twiki / twiki | 2004-09-01 | 2004-09-01.x |
twiki / twiki | 2004-09-02 | 2004-09-02.x |