CVE-2014-7236 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2014-7236

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

Published: Feb 17, 2020
Updated: Apr 13, 2023
CVE: CVE-2014-7236
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
twiki / twiki	6.0	6.0.x
twiki / twiki	4.2	4.2.4.x
twiki / twiki	4.3	4.3.2.x
twiki / twiki	5.1.0	5.1.4.x
twiki / twiki	5.0	5.0.2.x
twiki / twiki	4.0	4.0.5.x
twiki / twiki	4.1	4.1.2.x