Bugtraq mailing list archives
Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 16 Nov 2004 09:01:48 +0100
* Hans Ulrich Niedermann:
DETAILS The TWiki search function uses a user supplied search string to compose a command line executed by the Perl backtick (``) operator.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1037 to this issue.
Current thread:
- TWiki search function allows arbitrary shell command execution Hans Ulrich Niedermann (Nov 13)
- Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution Florian Weimer (Nov 16)