Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5305

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5305
Last Modified 03 Mar 2009 02:00:26
Published 09 Dec 2008 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5305

Summary

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

Vulnerable Systems

Application

  • Twiki 4.0.0

  • Twiki 4.0.1

  • Twiki 4.0.2

  • Twiki 4.0.3

  • Twiki 4.0.4

  • Twiki 4.0.5

  • Twiki 4.1.0

  • Twiki 4.1.1

  • Twiki 4.1.2

  • Twiki 4.2.0

  • Twiki 4.2.1

  • Twiki 4.2.2

  • Twiki 4.2.3


References

VUPEN - ADV-2008-3381

BID - 32668

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305

SECTRACK - 1021352

SECUNIA - 33040


Last Updated: 27 May 2016 10:48:46