Twiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered when specially crafted shell metacharacters are passed to the Search parameter, which does not validate input.
Classification
Location:
Remote / Network Access
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Solution:
Upgrade
Exploit:
Exploit Public,
Exploit Commercial
Disclosure:
Vendor Verified,
Uncoordinated Disclosure,
Discovered in the Wild
OSVDB:
Web Related
Solution
Upgrade to version 02Sep2004 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.