Vulnerabilities > CVE-2006-2942 - Privilege Escalation vulnerability in Twiki 4.0.0/4.0.1/4.0.2
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. Successful exploitation requires that the "MapUserToWikiName" setting is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html
- http://secunia.com/advisories/20596
- http://securitytracker.com/id?1016323
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation
- http://www.osvdb.org/26623
- http://www.securityfocus.com/bid/18506
- http://www.vupen.com/english/advisories/2006/2415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27336