CVE-2006-3819 - Remote Command Execution vulnerability in TWiki Configure Script TYPEOF Parameter
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description | TWiki <= 4.0.4 (configure) Remote Command Execution Exploit. CVE-2006-3819. Webapps exploit for php platform |
id | EDB-ID:2143 |
last seen | 2016-01-31 |
modified | 2006-08-07 |
published | 2006-08-07 |
reporter | Javier Olascoaga |
source | https://www.exploit-db.com/download/2143/ |
title | TWiki <= 4.0.4 configure Remote Command Execution Exploit |

description | TWiki <= 4.0.4 (Configure Script) Remote Code Execution Exploit (meta). CVE-2006-3819. Webapps exploit for php platform |
id | EDB-ID:2110 |
last seen | 2016-01-31 |
modified | 2006-08-02 |
published | 2006-08-02 |
reporter | David Maciejak |
source | https://www.exploit-db.com/download/2110/ |
title | TWiki <= 4.0.4 Configure Script Remote Code Execution Exploit meta |
Nessus
NASL family | CGI abuses |
NASL id | TWIKI_CONFIGURE_CMD_EXEC.NASL |
description | The version of TWiki installed on the remote host uses an unsafe |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22123 |
published | 2006-07-31 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22123 |
title | TWiki configure Script Arbitrary Command Execution |
References
- http://secunia.com/advisories/21235
- http://securitytracker.com/id?1016603
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure
- http://www.osvdb.org/displayvuln.php?osvdb_id=27556
- http://www.securityfocus.com/bid/19188
- http://www.vupen.com/english/advisories/2006/2995
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28049