FreeBSD : twiki -- remote Perl code execution (21ce1840-6107-11e4-9e84-0022156e8794)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

TWiki developers report :

The debugenableplugins request parameter allows arbitrary Perl code

Using an HTTP GET request towards a TWiki server, add a specially
crafted debugenableplugins request parameter to TWiki's view script
(typically port 80/TCP). Prior authentication may or may not be

A remote attacker can execute arbitrary Perl code to view and modify
any file the webserver user has access to.


The TWiki site is vulnerable if you see a page with text

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 78816 ()

Bugtraq ID:

CVE ID: CVE-2014-7236

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now