9 lines
No EOL
509 B
Text
9 lines
No EOL
509 B
Text
source: https://www.securityfocus.com/bid/14960/info
|
|
|
|
A remote command execution vulnerability affects the application.
|
|
|
|
The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.
|
|
|
|
This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.
|
|
|
|
%INCLUDE{ "Main.TWikiUsers" rev="2|less /etc/passwd" }% |