CVSS: 10.0EPSS: 3%CPEs: 13EXPL: 1CVE-2008-5305 – TWiki 4.x - 'SEARCH' Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5305
10 Dec 2008 — Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. Vulnerabilidad de inyección "eval" en TWiki y versiones anteriores a 4.2.4 que permite a los atacantes remotos ejecutar arbitrariamente código Perl a través de la variable %SEARCH{}%. • https://www.exploit-db.com/exploits/32645 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2006-3336
https://notcve.org/view.php?id=CVE-2006-3336
05 Jul 2006 — TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. Vulnerabilidad en TWiki desde la versión del 01-Dic-2000 hasta la versión v4.0.3 que permite a atacantes remotos saltarse el "upload filter" (filtro o control de subida) y ejecutar código de s... • http://secunia.com/advisories/20992 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2006-1387
https://notcve.org/view.php?id=CVE-2006-1387
26 Mar 2006 — TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. • http://secunia.com/advisories/19410 •