Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gain a shell remotely --> Category: infos

TWiki INCLUDE Function Command Execution Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for INCLUDE function command execution vulnerability in TWiki

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server includes a CGI script that allows for arbitrary
shell command execution.

Description :

According to its banner, the installed version of TWiki allows an
attacker, by manipulating input to the 'rev' parameter, to execute
arbitrary shell commands on the remote host subject to the rights
of the web server user id.

See also :

Solution :

Apply the appropriate hotfix listed in the vendor advisory.

Threat Level:

Medium / CVSS Base Score : 4

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.