Twiki rev Parameter Arbitrary Shell Command Execution
Severity: High
Nessus Network Monitor Plugin ID 3223
Synopsis: An attacker can run arbitrary shell commands on the remote system.

Description: The remote host is running Twiki, an open-source wiki written in Perl. This version of Twiki has a command injection flaw: the value of the 'rev' parameter reaches a shell command without adequate validation, so an attacker who places a command within backticks in the 'rev' parameter can execute arbitrary code on the web server. Example:
Solution: Upgrade or patch according to vendor recommendations.
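The following Python is an added example, not part of the plugin or of Twiki's own code. It shows both sides of the flaw described above: a passive check that scans constructed web-server access-log lines for 'rev' values carrying shell metacharacters (the backtick case from the description, plus the $( ) form), and an allow-list validator that builds the revision-control command as an argument vector instead of interpolating the parameter into a shell string. The log lines, the assumed revision format (digits, optionally dotted, such as "1.3") and the `co -p -r<rev>` command shape are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log sample (hypothetical traffic, not from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2005:10:00:00 +0000] "GET /twiki/bin/view/Main/WebHome?rev=1.3 HTTP/1.1" 200 4321
10.0.0.6 - - [01/Jan/2005:10:00:01 +0000] "GET /twiki/bin/view/Main/WebHome?rev=1.3%60id%60 HTTP/1.1" 200 4400
10.0.0.7 - - [01/Jan/2005:10:00:02 +0000] "GET /twiki/bin/rdiff/Main/WebHome?rev1=1.2&rev=%24%28id%29 HTTP/1.1" 200 4400
10.0.0.8 - - [01/Jan/2005:10:00:03 +0000] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 4321
"""

# Assumed legitimate shape of a revision argument: "3" or "1.3".
REV_OK = re.compile(r"\A\d+(?:\.\d+)?\Z")
# Characters that let a value break out of, or be evaluated inside, a shell string.
SHELL_META = re.compile(r"[`$|;&<>\n\r]")
# Common-log-format request line: client IP and request target.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_safe_rev(value):
    """Allow-list check: a revision is digits, optionally dotted."""
    return bool(REV_OK.match(value))


def rev_values(request_target):
    """All values of the 'rev' query parameter, percent-decoded."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get("rev", [])


def scan_log(text):
    """Return (client_ip, decoded_rev, reason) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for rev in rev_values(target):
            if is_safe_rev(rev):
                continue
            reason = "shell metacharacter" if SHELL_META.search(rev) else "malformed"
            hits.append((ip, rev, reason))
    return hits


def rcs_argv(path, rev):
    """Build the checkout command as an argument vector (assumed fix pattern):
    validate first, then pass argv to the OS with no shell involved."""
    if not is_safe_rev(rev):
        raise ValueError("invalid revision: %r" % rev)
    return ["co", "-p", "-r" + rev, path]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(rcs_argv("Main/WebHome.txt,v", "1.3"))
```

Note that wrapping the interpolated value in double quotes is not a fix: a POSIX shell still evaluates backticks and $( ) inside double quotes, which is why the allow-list check and the argv form are both needed.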