twiki: arbitrary code execution
| Package(s): | twiki | CVE #(s): | CVE-2007-0669 | ||||
| Created: | February 12, 2007 | Updated: | February 14, 2007 | ||||
| Description: | According to this vendor security advisory, a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, version up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem. | ||||||
| Alerts: |
| ||||||