CVE-2012-6329

Foswiki MAKETEXT - Remote Command Execution

Severity Score: 7.5 (CVSS v2)
Exploit Likelihood (EPSS)
Affected Versions (CPE)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial

Attack Vector: Network
Attack Complexity: High
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-12-10 CVE Reserved
  • 2012-12-15 CVE Published
  • 2012-12-23 First Exploit
  • 2024-08-04 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (20)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Perl | Perl | <= 5.16.2 | - | Affected
Perl | Perl | 5.10 | - | Affected
Perl | Perl | 5.10.0 | - | Affected
Perl | Perl | 5.10.0 | rc1 | Affected
Perl | Perl | 5.10.0 | rc2 | Affected
Perl | Perl | 5.10.1 | - | Affected
Perl | Perl | 5.10.1 | rc1 | Affected
Perl | Perl | 5.10.1 | rc2 | Affected
Perl | Perl | 5.11.0 | - | Affected
Perl | Perl | 5.11.1 | - | Affected
Perl | Perl | 5.11.2 | - | Affected
Perl | Perl | 5.11.3 | - | Affected
Perl | Perl | 5.11.4 | - | Affected
Perl | Perl | 5.11.5 | - | Affected
Perl | Perl | 5.12.0 | - | Affected
Perl | Perl | 5.12.0 | rc0 | Affected
Perl | Perl | 5.12.0 | rc1 | Affected
Perl | Perl | 5.12.0 | rc2 | Affected
Perl | Perl | 5.12.0 | rc3 | Affected
Perl | Perl | 5.12.0 | rc4 | Affected
Perl | Perl | 5.12.0 | rc5 | Affected
Perl | Perl | 5.12.1 | - | Affected
Perl | Perl | 5.12.1 | rc1 | Affected
Perl | Perl | 5.12.1 | rc2 | Affected
Perl | Perl | 5.12.2 | - | Affected
Perl | Perl | 5.12.2 | rc1 | Affected
Perl | Perl | 5.12.3 | - | Affected
Perl | Perl | 5.12.3 | rc1 | Affected
Perl | Perl | 5.12.3 | rc2 | Affected
Perl | Perl | 5.12.3 | rc3 | Affected
Perl | Perl | 5.13.0 | - | Affected
Perl | Perl | 5.13.1 | - | Affected
Perl | Perl | 5.13.2 | - | Affected
Perl | Perl | 5.13.3 | - | Affected
Perl | Perl | 5.13.4 | - | Affected
Perl | Perl | 5.13.5 | - | Affected
Perl | Perl | 5.13.6 | - | Affected
Perl | Perl | 5.13.7 | - | Affected
Perl | Perl | 5.13.8 | - | Affected
Perl | Perl | 5.13.9 | - | Affected
Perl | Perl | 5.13.10 | - | Affected
Perl | Perl | 5.13.11 | - | Affected
Perl | Perl | 5.14.0 | - | Affected
Perl | Perl | 5.14.0 | rc1 | Affected
Perl | Perl | 5.14.0 | rc2 | Affected
Perl | Perl | 5.14.0 | rc3 | Affected
Perl | Perl | 5.14.1 | - | Affected
Perl | Perl | 5.14.2 | - | Affected
Perl | Perl | 5.14.3 | - | Affected
Perl | Perl | 5.16.0 | - | Affected
Perl | Perl | 5.16.1 | - | Affected